AirDroid is a popular tool for wirelessly connecting an Android phone to a PC or Mac so you can receive notifications or send SMS from the desktop, transfer files, and more.

But researchers at Zimperium uncovered a security vulnerability that could allow malicious hackers to intercept your data with a “man in the middle” attack if you’re using AirDroid on an untested network. This could allow someone to steal your login information or run malicious code.

AirDroid says it’s aware of the problem and working on a fix… but for now if you’re an AirDroid users you should probably only use it on a network you trust and not on insecure public WiFi networks.

Update: AirDroid 4.0.0.3 is out, and it should fix the problem.

airdoird-intercept

The security vulnerability has to do with the way AirDroid communicates with your Android device… and with the fact that the encryption key is coded into the application, making it possible for a hacker connected to the same network as your devices to use the encryption key to intercept and manipulate data traveling between your computer and your phone.

Zimperium first alerted AirDroid’s developers about the problem in May, and waited until this week to go public with the information in order to give the developers time to close the security hole.

But AirDroid 4.0 came out last week, quickly followed by version 4.0.1… and both were still vulnerable.

AirDroid released a statement today noting that the company has been working on a solution that improves security without breaking existing functionality of the software.

The company now says it expects “to start to roll out an update within two weeks as planned.”

Until then, it’s probably a good idea to either stop using AirDroid or only use it at home or other places where you know there’s little chance of an attacker intercepting your traffic.

via Ars Technica

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,547 other subscribers