Severe AirDroid vulnerability exposes users, patch incoming

A major security issue may have exposed tens of millions of Android phones to attack.

Update, 12/9/16: AirDroid says an update is coming soon to fix the security hole. This article was updated to reflect this.

Popular remote management utility AirDroid has attracted tens of millions of users with the lure of sharing the messages and files on their phones with their PCs, but a severe vulnerability had users scared to use the latest version. Now the company says a fix is on the way.

Earlier this month, mobile security firm Zimperium published a report detailing several major vulnerabilities that could allow an attacker to hijack your device. The security issue (which existed in previous and current versions of the app, according to Zimperium) is related to “insecure communication channels” that “send the same data used to authenticate the device to their statistics server.” That means someone on the same network could use a simple man-in-the-middle attack to intercept the user’s email address and password associated with AirDroid. Furthermore, the attacker could then push malicious updates to the app that in turn give them full control over the device.

Zimperium noted at the time that they contacted Sand Studio about the vulnerability back in May and had been in communication with the company through last month’s release of version 4.0. However, the firm advised users to uninstall AirDroid until a fix, now rolling out to the Play Store, was made available.

Betty Chen, chief marketing officer at Sand Studio, originally told Greenbot that the company is “indeed working on the solution and it should be expected to start to roll out within next two weeks.” She attributed the lack of prior action to “miscommunication” between Sand Studio and Zimperium. Chen followed up yesterday by saying AirDroid has “improved our encryption mechanism as planned and fixed the issue regarding the recent concern over AirDroid’s security.”

The impact on you at home: Android users understand that security vulnerabilities are a fact of life, but generally they originate outside of the Play Store. AirDroid is a popular utility used by as many as 50 million Android users, and the developers have an obligation to their users to keep the app as safe and secure as possible. Earlier this year, the company quickly patched a similar bug exposed by Check Point, and it’s good to see Sand Studio has moved quickly to fix this new one.

This story, "Severe AirDroid vulnerability exposes users, patch incoming," was originally published by Greenbot.
