Sunday 4 December 2016

AirDroid vulnerability threatens millions of users – Update: fix released



[Image: AirDroid. Credit: GreenBot]

Update 01:50 Saturday 10 December GMT: just updated to version 4.0.0.3 which claims to fix the vulnerability described below.

AirDroid is a utility for the Android phone OS that lets users share messages and files between their phones and desktops or laptops. This functionality accounts for the 10 million+ downloads indicated on the Google Play store.

All of those users are now at risk due to a vulnerability in the app which makes phones susceptible to a man-in-the-middle attack. Affected versions include the latest, version 4.0.0.1 (frequently misreported as 4.0.1). Claims have been made that the author has known about the vulnerability for 6 months – although a fix is promised within 2 weeks.

What should you do? Mobile security firm Zimperium, which discovered the vulnerability, advises that users should uninstall AirDroid until a fix is available.

GreenBot
http://www.greenbot.com/article/3146640/android/severe-airdroid-vulnerability-threatens-tens-of-millions-of-android-users.html

Ars Technica
http://arstechnica.com/security/2016/12/at-least-10-million-android-users-imperiled-by-popular-airdroid-app/