AirDroid has gaping security holes.


AirDroid is one of the treasures of the Android world, a product of the platform’s more open nature. In a nutshell, it allowed Android users to control their devices from a web browser, to send or read messages, manage files, or even mirror the device’s screen.

AirDroid’s rather lax security implementation in communicating with its servers both to authenticate users as well as in checking for updates. When it does so, it sends an encrypted packet containing the user’s e-mail address and password. However, the encryption keys are hardcoded into the app and is the same for all installs of AirDroid.

AirDroid’s own app to get users to install malicious apps. Hackers can use a common Man In The Middle attack when the app checks for updates from the server. The developers at AirDroid responded with a now much criticized blog post, both explaining the matter and seemingly downplaying its implications. They reassure users that the exploits can really only happen when connecting to a public network.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s