In 2013, AirDroid patched a vulnerability that allowed hacker to perform DoS attacks from an Android device. In April, AirDroid patched an authentication flaw that could give attackers remote control over a connected Android device. Attackers are able to take complete control over a user’s Android device by achieving a valid session token and use the AirDroid API.Īccording to Check Point, the vulnerability can also be delivered using any messaging app including WhatsApp and email. Another threat is that an attacker could control the content of the target’s device,” Vanunu wrote. “The main threat is a complete theft of private information – imagine, for example, that just receiving an SMS message can result in all of the user’s data being stolen. Once the user receives a text message from that new contact, the malicious code (located at evil.xyz/s.js) is loaded and executed inside the AirDroid web page. The 'AirDroid Account' or 'Account' means the user’s account created by the user when using AirDroid Services, the username and password of which can identify You. Once that phone number is obtained, the attacker needs to share a contact card with the target, and get the target to add it to his or her phone book,” Vanunu wrote. The 'AirDroid Services' or 'Services' mean all software, products, services, websites and relevant contents provided by the Company. “All an attacker needs is the phone number associated with the targeted account.
#Airdroid trusted devices update
Check Point advises AirDroid users to update their application immediately. The company did not reply to a request for comment. With Geofencing, organizations that have vehicles, personnel or valuable assets in the field can use tracking data and workflows to enhance security. 2, AirDroid Desktop Client (3.6.6.2) TU-1086, Low. Sand Studio announced AirDroid Business Geofencing, a location-based solution for businesses to monitor and track device location, automate tasks and receive notification alerts all in one place.
#Airdroid trusted devices apk
“Once exploited, the app enables the attackers to execute code on the device in order to steal data and send it back to their servers,” wrote Oded Vanunu, security research group manager at Check Point and author of the report, adding that an attacker must obtain a valid session token and use the AirDroid API in an attack.Ĭalif-based Sand Studio, the publisher of AirDroid, pushed out security patch (version 3.2.0) to its AirDroid three weeks ago. Google Play seems to be updating AirDroid without any pesky rollout delays, but you can also download it from APK Mirror for devices without Google services. Desktop & Mobile Device Management - ManageEngine Desktop Central. When user saves the contact to their device, that allows an attacker’s malicious payload to exploit a vulnerability in the AirDroid application, according to the Check Point report. The exploit could be carried out if an attacker sends an SMS message that appears to be a legitimate (vCard) contact. 29.Ĭheck Point security researchers disclosed the AirDroid vulnerability on Thursday, issuing an alert that outlined how attackers could steal data from unsuspecting users. AirDroid, an app that allows you link an Android device to a computer and send SMS messages, run apps and add contacts via a Wi-Fi connected web browser, released the patch Jan. A critical vulnerability impacting 50 million Android users running the popular AirDroid application has been patched.
0 kommentar(er)
