A popular Android app on Google Play, named AirDroid could help hackers to access your Android device, security firm test reveals.
Researchers at San Francisco mobile-security company Zimperium have urged the existing 10 million AirDroid users, and also the Android-owners not to use or download the app for another two weeks until the flaw is fixed completely.
In their testing, the researchers found the flaw gives hackers enough access to remotely execute codes on the respective devices. In a statement to Ars Technica, Zimperium explained the static encryption key used in AirDroid to safeguard data transmitted by the app is easy to locate. "The encryption key can be easily found within the app’s code by anyone," they said.
AirDroid is a remote management app developed by Chinese company San Studio. The app allows users to access and control Android devices from the Web or on a PC or Mac. Besides this, the app also offers backup and synching of data such as photos and videos.
Zimperium told Ars Technica the flaw could help “attackers to see the user's sensitive information such as the IMEI, IMSI, and so forth. As soon as the update, or fake update, is installed the software automatically launches the updated [Android app file] without ever verifying who built it.”
Since the flaw is not likely to get fixed for the next two weeks, Zimperium is recommending users to uninstall AirDroid until the fix is executed by the developers.
