AirDroid 2: Is AirDroid secure?

Sat Apr 27, 2013 8:25 pm in General

page 2 / 2 << 1, 2 >> go to
T48P
#11

Title

Do not use web.airdroid.com until they release a statement regarding the .XSS vulnerability.

Here's a post from a year and a half ago from Threat Post: http://threatpost.com/android-airdroid- ... 0813/77707

"According to a warning on the US-CERT’s Vulnerability Notes Database this morning, if an attacker was able to get access to a phone with AirDroid installed, they’d be able to send a malicious text message to the browser associated with the account. Once that message is brought up on the browser, the attacker could execute an XSS attack which in turn could lead to a slew of problems, including information leakage, privilege escalation and denial of service on the compromised machine.

"Apparently the problem is that AirDroid’s web interface, web.airdroid.com, doesn’t properly sanitize the code it’s sent via text messages."

Sounds like I'm using it on my home wifi only. Too bad, I'd love to have the theft-recovery feature of being able to track it if lost.
According
to a warning on the US-CERT’s Vulnerability Notes Database this
morning, if an attacker was able to get access to a phone with AirDroid
installed, they’d be able to send a malicious text message to the
browser associated with the account. Once that message is brought up on
the browser, the attacker could execute an XSS attack which in turn
could lead to a slew of problems, including information leakage,
privilege escalation and denial of service on the compromised machine. -
See more at:
http://threatpost.com/android-airdroid- ... FGJSM.dpuf
T48P
sadiee718
#12

Title

Device manager does exceptional job of locating when lost in, say, my house. Can make it ring for 5 minutes and sure to hear.
sadiee718
(Sign in or sign up to post a reply.)
page 2 / 2 << 1, 2 >> go to

Statistics

22139 posts

6049 threads

Members: 137917

Latest Member: dk

Online: 4