AirDroid is a popular tool for wirelessly connecting an Android phone to a PC or Mac so you can receive notifications or send SMS from the desktop, transfer files, and more.
But researchers at Zimperium uncovered a security vulnerability that could allow malicious hackers to intercept your data with a “man in the middle” attack if you’re using AirDroid on an untrusted network. This could allow someone to steal your login information or run malicious code.
AirDroid says it’s aware of the problem and working on a fix… but for now if you’re an AirDroid user you should probably only use it on a network you trust and not on insecure public WiFi networks.
Update: AirDroid 220.127.116.11 is out, and it should fix the problem.
The security vulnerability has to do with the way AirDroid communicates with your Android device… and with the fact that the encryption key is hard-coded into the application. That makes it possible for a hacker connected to the same network as your devices to use the encryption key to intercept and manipulate data traveling between your computer and your phone.
Zimperium first alerted AirDroid’s developers about the problem in May, and waited until this week to go public with the information in order to give the developers time to close the security hole.
But AirDroid 4.0 came out last week, quickly followed by version 4.0.1… and both were still vulnerable.
AirDroid released a statement today noting that the company has been working on a solution that improves security without breaking existing functionality of the software.
The company now says it expects “to start to roll out an update within two weeks as planned.”
Until then, it’s probably a good idea to either stop using AirDroid or only use it at home or other places where you know there’s little chance of an attacker intercepting your traffic.
via Ars Technica