Android remote management tool AirDroid has Vulnerability that can potentially impact over 50 million devices as warned by the security researchers at Zimperium zLabs.
AirDroid has between 10 million and 50 million downloads from the official Google Play software portal, and also the security firm says that its device base is larger than that. According to Zimperium, vulnerabilities in AirDroid allows an attacker to exploit the built-in features and use them against the app users.
The main issue that the security researchers pointed is that AirDroid uses insecure communication channels. This means that the app’s millions of users are exposed to a MitM attack and other kinds of attacks.There is also a high risk of information leak along with remote hijacking of update APKs which could result in remote code execution.
While analysing AirDroid, the security researchers discovered that the communication channels employed to send authentication data to the statistics server are insecure. While the requests are encrypted with the Data Encryption Standard (DES) symmetric-key block cipher in Electronic Codebook (ECB) mode, the encryption key is hardcoded inside the application, meaning that the attacker knows it.
Armed with these details, an actor on the same network with the target device could execute MitM attacks to grab authentication credentials from the very first HTTP request the application performs, and can then impersonate the user for further requests, Zimperium’s Simone Margaritelli explains.
“This HTTP request can be decrypted at runtime using the 890jklms key hardcoded inside the application and the authentication fields parsed from the resulting JSON. Having this information, the attacker can now impersonate the victim’s device and perform various HTTP or HTTPS requests on its behalf to the AirDroid API endpoints,” the researcher notes.
An attacker could craft a payload encrypted in DES with the same exact key to trick the server into spewing user information, which will result in the email and password hash being exposed.
Latest posts by William Fieldhouse (see all)
- A John McAfee-Backed ICO Exposed Thousands of Peoples Documents Due to Security Blunder - April 26, 2018
- Latest Hacking News Podcast #13 - April 17, 2018
- Latest Hacking News Podcast #12 - April 16, 2018