Severe AirDroid vulnerability exposes users, patch incoming
Update, 12/9/16: AirDroid says an update is coming soon to fix the security hole. This article was updated to reflect this.
Popular remote management utility AirDroid has attracted tens of millions of users with the lure of sharing the messages and files on their phones with their PCs, but a severe vulnerability had users scared to use the latest version. Now the company says a fix is on the way.
Earlier this month, mobile security firm Zimperium published a report detailing several major vulnerabilities that threaten to hijack your device. The security issue—which existed in previous and current versions of the app, according to Zimperium—is related to “insecure communication channels” that “send the same data used to authenticate the device to their statistics server.” That means someone on the same network could use a simple man-in-the-middle attack to intercept the user’s email address and password associated with AirDroid. Furthermore, the hacker could then download malicious updates to the app that in turn give them full control over the device.