

“Check Point continues to be on the lookout for vulnerabilities in common software apps and Internet platforms. Another threat is that an attacker could control the content of the target’s device,” said Oded Vanunu, Security Research Group Manager at Check Point.

The main threat is a complete theft of private information – imagine, for example, that just receiving an SMS message can result in all of the user’s data being stolen. “The AirDroid attack flow provides cybercriminals with a very easy way to target users: sending a contact card and an SMS message to execute the attack.

Here’s another example: Extracting the target’s entire contact list from her or his phone book:

Here’s an example of malicious usage of the API: Sending a text message from the target’s phone:

To take advantage of AirDroid’s functionality, an attacker must get a valid session token and use the AirDroid API.
Once the user receives a text message from that new contact, the malicious code located at evil.xyz/s.js is loaded and executed inside the AirDroid web page. For example, here’s a contact sent via WhatsApp:

As shown, the payload isn’t visible to the user, even when looking at the phone book:

The contact card has the following structure:

As mentioned, the contact card can be sent via any service that enables contact sharing (WhatsApp/MMS/email/etc.). Once that phone number is obtained, the attacker needs to share a contact card with the target, and get the target to add it to his or her phone book. Attackers can send their targets a seemingly innocent contact card (vCard) containing malicious code via any service (MMS/WhatsApp/email/etc.).

All an attacker needs is the phone number associated with the targeted account. To exploit the vulnerability, a potential attacker simply needs to send the target a text message from a saved contact that is “inserted” inside the AirDroid interface. Based on Google Play, AirDroid is used by approximately 50 million users worldwide.

Check Point security researcher Kasif Dekel recently discovered a significant vulnerability (CVE-2015-8112) that allows attackers to execute malicious code on an AirDroid session. Using the AirDroid app, users can easily manage SMS messages, files, contacts, photos, videos, WhatsApp/Line/WeChat communications, and more.
A Bit About AirDroid

AirDroid is a free and fast Android device manager application that allows users to remotely and securely access and manage Android phones and tablets from their computers. Following notification from Check Point on November 15, 2015, AirDroid rolled out a fixed application on Janu(ver 3.2.0). AirDroid is an Android device manager application that enables users to access their Android devices remotely from their computers.

Research at a Glance

Check Point recently discovered a significant vulnerability (CVE-2015-8112) that allows attackers to execute malicious code during an AirDroid session. Check Point’s Mobile Threat Prevention solution, for example, is able to detect and alert users who are at risk from these vulnerabilities and allow IT managers to monitor the patching of their mobile environment. IT managers who wish to protect their devices and sensitive data must use a more comprehensive and complete security measure. IT and security managers cannot rely on employees to apply application patches in order to be protected. Many known vulnerabilities still exist in various apps, and many more remain to be discovered. This is not the only vulnerability that exposes Android users to potential attacks and data theft.

Once exploited, the app enables the attackers to execute code on the device in order to steal data and send it back to their servers. The user then saves the contact to the device, allowing the malicious payload to exploit a vulnerability in the AirDroid application. This is made possible by the following procedure: an attacker sends the victim an SMS or its equivalent that contains a malicious payload, masquerading as a legitimate contact. Using the newly revealed vulnerability, an attacker can steal data from unsuspecting users. AirDroid is a device manager app that allows users to access their Android devices through their computers. This vulnerability affects the 50 million AirDroid users around the globe.
Check Point alerted AirDroid that its Android device manager app is vulnerable to phone data hijacking and malicious code execution by remote attackers.

A new vulnerability in the AirDroid App was revealed by Check Point.
