Tens of millions of users of AirDroid, a remote management tool for Android, are vulnerable to man-in-the-middle attacks that could lead to data theft and their devices being compromised through malicious updates.

According to Zimperium researchers, such attacks can be performed when users find themselves on the same unsecured network as the attacker (e.g.

“AirDroid relies on secure HTTPS API endpoints for most of its functionalities, but during our analysis we’ve found that other insecure channels are used for specific tasks,” the researchers noted.

For example, the app sends statistics to the app developers’ servers over HTTP, but uses a minimal layer of security to protect the data: a symmetric encryption scheme called DES.

“A malicious party could perform a MITM network attack and grab the device authentication information (…) from the very first HTTP request the application performs,” they explained.

“This HTTP request can be decrypted at runtime using the 890jklms key hardcoded inside the application and the authentication fields parsed from the resulting JSON. Having this information, the attacker can now impersonate the victim’s device and perform various HTTP or HTTPS requests on its behalf to the AirDroid API endpoints.”

In addition to this, the attackers could also redirect and modify the HTTP traffic sent and received by the device when it checks for updates, and plant a malicious update for it to use. The app does not verify if the served update is legitimate.
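The last point is the one an update mechanism must get right regardless of transport: a client that installs whatever the update endpoint serves is compromised the moment someone on the same network can answer that request. The example below is added here and is not AirDroid's or Zimperium's code; it shows the mitigation in Go using the standard library's Ed25519, with a constructed update format (`SignedUpdate`), a throwaway publisher key pair generated inside `Demo`, and a constructed payload. The client pins only the publisher's public key and refuses any update whose signature does not verify over both the version label and the payload, so a payload altered on the wire and a re-labelled version are both rejected even if they arrive over plain HTTP.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedUpdate is a constructed wire format for this example: the bytes the
// client downloads, plus a detached Ed25519 signature made by the publisher's
// offline release key over (version, payload).
type SignedUpdate struct {
	Version   string
	Payload   []byte
	Signature []byte
}

// ErrBadSignature is returned for any update that does not verify under the
// pinned publisher key; the client must discard such an update without
// installing it.
var ErrBadSignature = errors.New("update rejected: signature does not verify against pinned publisher key")

// signedMessage binds the version string to the payload with a separator so a
// valid signature for one version cannot be replayed under a different version.
func signedMessage(version string, payload []byte) []byte {
	msg := make([]byte, 0, len(version)+1+len(payload))
	msg = append(msg, version...)
	msg = append(msg, 0)
	return append(msg, payload...)
}

// SignUpdate runs in the publisher's release pipeline, never on the device.
func SignUpdate(priv ed25519.PrivateKey, version string, payload []byte) SignedUpdate {
	return SignedUpdate{
		Version:   version,
		Payload:   payload,
		Signature: ed25519.Sign(priv, signedMessage(version, payload)),
	}
}

// VerifyUpdate is the check the client performs on every downloaded update
// before applying it. It depends only on the public key compiled into the
// client, so it holds even when the transport (HTTP or HTTPS) is controlled
// by someone on the same network.
func VerifyUpdate(pinnedPub ed25519.PublicKey, u SignedUpdate) error {
	if len(pinnedPub) != ed25519.PublicKeySize || len(u.Signature) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	if !ed25519.Verify(pinnedPub, signedMessage(u.Version, u.Payload), u.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Demo generates a throwaway publisher key pair (in a real deployment the
// private half stays offline and only the public half ships in the app),
// signs a constructed update, and checks that the genuine update verifies
// while a payload modified in transit and a re-labelled version do not.
func Demo() (genuineOK, tamperedRejected, relabelledRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	update := SignUpdate(priv, "4.1.0", []byte("constructed update image bytes"))

	genuineOK = VerifyUpdate(pub, update) == nil

	// An on-path party flips one byte of the payload; the signature no longer matches.
	tampered := update
	tampered.Payload = append([]byte(nil), update.Payload...)
	tampered.Payload[0] ^= 0x01
	tamperedRejected = VerifyUpdate(pub, tampered) == ErrBadSignature

	// Keeping the payload but changing the advertised version also fails,
	// because the version is part of the signed message.
	relabelled := update
	relabelled.Version = "9.9.9"
	relabelledRejected = VerifyUpdate(pub, relabelled) == ErrBadSignature

	return genuineOK, tamperedRejected, relabelledRejected, nil
}

func main() {
	g, t, r, err := Demo()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine verifies: %v, tampered rejected: %v, relabelled rejected: %v\n", g, t, r)
}
```

The design choice worth noting is that the signature, not the channel, is what the client trusts: moving the update check to HTTPS narrows who can tamper with the download but does not replace this verification, and a version-aware check of this kind also blocks an old, genuinely signed build from being served as if it were newer.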