Researchers discover a flaw in the popular Android app AirDroid that allows a remote attacker to secretly take control of a victim's smartphone.
One of the most popular file-transfer apps for Android has a huge problem. It is vulnerable to an authentication flaw that could allow potential hackers to remotely hijack your smartphone.
AirDroid for Android is a very popular app among smartphone users and has been downloaded 20 million times, with an overall 4.5-star rating from reviewers on Google Play. Researchers at Bishop Fox have discovered that it is vulnerable to a pretty serious authentication bug which can be exploited even if the AirDroid for Android app is not being used.
Once an attacker gains access to a victim's phone, the attacker can perform actions such as taking photos via the phone's camera, tracking the victim via GPS, sending messages and harassing the victim's contacts, Bishop Fox's Matt Bryant explained in a blog post.
Matt explains the modus operandi of the potential hacker:
1.) The attacker sends the victim an innocent-seeming link.
2.) The victim takes the bait and clicks the link.
3.) Click! The attacker - specifically, his or her website - now has control of the victim's phone.
4.) The webpage opens, sending a text message to the victim and taking a photo of him or her as well.
5.) The photo is sent to the attacker, who then uses it to taunt the victim.
The proof-of-concept video is given below.
Matt says that they informed the AirDroid security team of this serious vulnerability, and AirDroid has now patched it.
Android smartphone users can download the updated version of AirDroid from here.