Poor implementation of encryption in a popular Android remote management application exposes millions of users to data theft and remote code execution attacks.
According to researchers from mobile security firm Zimperium, the AirDroid screen sharing and remote control application sends authentication information encrypted with a hard-coded key. This information could allow man-in-the-middle attackers to push out malicious AirDroid add-on updates, which would then gain the permissions of the app itself.
Leave a reply
