You probably know AirDroid. In case you don't, it is a utility that lets you remotely access your Android phone from Windows, Mac or the web, wirelessly. The software is used by over 20 million users across the globe, but those 20 million users are now exposed to security vulnerabilities. Why? The security company Zimperium has said in a statement that various security flaws have been found in the AirDroid application, putting more than 20 million devices at risk!
The makers of AirDroid were informed about these flaws by Zimperium almost 6 months ago, and they promised to fix them in version 4.0. But when the new version launched, Zimperium found that the issues still persisted in the software. This is why the security company decided to make all the information public today. The news is likely to upset many users who rely on the software to remotely access their devices.
As per the official Zimperium website:
“AirDroid relies on insecure communication channels in order to send the same data used to authenticate the device to their statistics server. Such requests are encrypted with DES (ECB mode) however the encryption key is hardcoded inside the application itself (thus known to an attacker). Any malicious party on the same network of the target device could execute a man in the middle attack in order to obtain authentication credentials and impersonate the user for further requests.”
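The weakness class named in the statement above (DES in ECB mode with a key embedded in the application) is something a source review can flag before release. The following is an added example, not code from AirDroid or Zimperium: a small Python audit over Java source, where the `StatsClient` class and its key string are constructed for illustration.

```python
import re

# Cipher.getInstance("<transformation>") calls in Java source.
CIPHER_RE = re.compile(r'Cipher\.getInstance\(\s*"([^"]+)"')
# String constants, so a key passed by name can be traced back to a literal.
CONST_RE = re.compile(r'\bfinal\s+String\s+(\w+)\s*=\s*"[^"]*"')
# Key specs built from a string literal or an identifier: X.getBytes(...)
KEY_RE = re.compile(
    r'new\s+(?:SecretKeySpec|DESKeySpec)\(\s*("[^"]*"|\w+)\s*\.getBytes')
BLOCK_CIPHERS = {"DES", "DESEDE", "AES", "BLOWFISH"}

def audit_java(source):
    """Return (line_no, finding) tuples for one Java source string."""
    consts = {m.group(1) for m in CONST_RE.finditer(source)}
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in CIPHER_RE.finditer(line):
            parts = m.group(1).upper().split("/")
            if parts[0] == "DES":
                findings.append((no, "weak-cipher:DES"))
            # A bare block-cipher name usually resolves to ECB on JCA providers.
            if parts[0] in BLOCK_CIPHERS and (len(parts) == 1 or parts[1] == "ECB"):
                findings.append((no, "ecb-mode"))
        for m in KEY_RE.finditer(line):
            arg = m.group(1)
            if arg.startswith('"') or arg in consts:
                findings.append((no, "hardcoded-key"))
    return findings

# Constructed sample: one weak routine, one that should pass the audit.
SAMPLE = '''\
public class StatsClient {
    private static final String KEY = "constructed-placeholder";
    byte[] seal(byte[] body) throws Exception {
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY.getBytes(), "DES"));
        return c.doFinal(body);
    }
    byte[] sealBetter(byte[] body, SecretKey k, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        return c.doFinal(body);
    }
}
'''

if __name__ == "__main__":
    for line_no, finding in audit_java(SAMPLE):
        print(f"line {line_no}: {finding}")
```

A clean result from a pattern check like this does not make the traffic safe: the statement's other point, that the requests travel over an insecure channel, is addressed by authenticated transport such as TLS rather than by swapping the cipher.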
The security firm has said that versions 4.0.0 and 4.0.1 are still vulnerable. AirDroid has released a statement about the whole issue, in which the company said:
“Due to the complexity of coding for a cross-screen management application like AirDroid, it is required to have a complete sync systematic coding across clients and server to ensure best possible experience for our users during this transition time, as the systematic amendment will not be completely compatible with the previous versions and some functions may be affected. Although we experienced a major restruction earlier this year, we have worked tirelessly and stretch our capability to the max. to make sure that we bring the best solution to you ASAP. We now catch up the timeline and expect to start to roll out an update within two weeks as planned.”
We hope that the company will release a safe version soon (as it said in the official statement). But this really shows how various software companies don't actually pay much attention to the security of their products. What are your opinions? Do let us know via the comments section. 🙂