AirDroid App vulnerable to Authentication Flaw that allows hackers to take over smartphone

Researchers discover a flaw in the popular Android app AirDroid that allows a remote attacker to secretly take control of a victim’s smartphone.

One of the most popular file-transferring apps for Android has a huge problem. It is vulnerable to an authentication flaw that could allow potential hackers to remotely hijack your smartphone.

AirDroid for Android is a very popular app among smartphone users and has been downloaded 20 million times, with an overall 4.5-star rating from reviewers on Google Play. Researchers at Bishop Fox have discovered that it is vulnerable to a pretty serious authentication bug which can be exploited even if the AirDroid for Android app is not being used.

Once an attacker gains access to a victim’s phone, the attacker can perform actions such as taking photos via the phone’s camera, tracking the victim via GPS, and sending messages to harass the victim’s contacts, Bishop Fox’s Matt Bryant explained in a blog post.

Matt explains the modus operandi of the potential hacker:

1.) The attacker sends the victim an innocent-seeming link.
2.) The victim takes the bait and clicks the link.
3.) Click! The attacker – specifically, his or her website – now has control of the victim’s phone.
4.) The webpage opens, sending a text message to the victim and taking a photo of him or her as well.
5.) The photo is sent to the attacker, who then uses it to taunt the victim.

The proof-of-concept video is given below.

Matt says that they informed the AirDroid security team of this serious vulnerability, and AirDroid has now patched it.

Android smartphone users can download the updated version of AirDroid from here.
