AirDroid vulnerability would let attackers take over Android phones

A recently patched vulnerability found in Android's AirDroid application allowed unauthorized access to a user's device, according to a Wednesday Bishop Fox Security release.

AirDroid gives Android users complete control of their mobile device from a laptop or desktop, but an attacker could take over that control by sending a malicious link to a user. Once the link is clicked from a computer logged into web.airdroid.com, the attacker could control the Android device connected to the web interface. Any browser logged into the portal is affected, Matt Bryant, of Bishop Fox Security, told SCMagazine.com in a Friday email.

“AirDroid Version 3.0.4 and earlier versions' web applications use JSON with padding (JSONP) for performing cross-origin requests,” Bryant wrote in an advisory. “Due to JSONP being an insecure method of sharing data across origins, it is possible to hijack all of the AirDroid application functionality.”
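
The JSONP weakness Bryant describes, seen from the server side, as an added example (not AirDroid's code and not taken from the advisory). The handler names, origins and session data are hypothetical, and the sketch covers only how the response is returned, next to a JSON-plus-CORS-allowlist replacement.

```javascript
// Added illustration; handler names, session shape and origin list are hypothetical.
const ALLOWED_ORIGINS = new Set(["https://web.example.test"]); // constructed value

// Constructed per-session data the endpoint returns to a logged-in browser.
function loadSessionData(session) {
  return { device: session.device, messages: session.messages };
}

// JSONP style: the reply is executable script wrapped in a caller-chosen function.
// A <script> include from any site carries the user's cookies, and the browser
// runs the reply inside the including page, so that page receives the data.
function jsonpHandler(req, session) {
  const body = `${req.query.callback}(${JSON.stringify(loadSessionData(session))});`;
  return { status: 200, headers: { "Content-Type": "application/javascript" }, body };
}

// Hardened style: plain JSON only, readable cross-origin solely by allowlisted origins.
function corsJsonHandler(req, session) {
  const headers = {
    "Content-Type": "application/json",
    "X-Content-Type-Options": "nosniff", // keeps the reply from executing as script
    "Vary": "Origin",
  };
  if ("callback" in req.query) {
    return { status: 400, headers, body: JSON.stringify({ error: "JSONP not supported" }) };
  }
  const origin = req.headers.origin;
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, headers, body: JSON.stringify({ error: "origin not allowed" }) };
  }
  if (origin !== undefined) {
    headers["Access-Control-Allow-Origin"] = origin; // echo only an allowlisted origin
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return { status: 200, headers, body: JSON.stringify(loadSessionData(session)) };
}

// Constructed requests: the same logged-in session reached from three contexts.
const session = { device: "constructed-phone", messages: ["hello"] };
const foreignInclude = { query: { callback: "cb" }, headers: {} };
const foreignFetch = { query: {}, headers: { origin: "https://other.example.test" } };
const ownFetch = { query: {}, headers: { origin: "https://web.example.test" } };

console.log(jsonpHandler(foreignInclude, session).body);
console.log(corsJsonHandler(foreignInclude, session).status);
console.log(corsJsonHandler(foreignFetch, session).status);
console.log(corsJsonHandler(ownFetch, session).status);
```
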