1) Install AirDroid 2) Set a fixed password. 2) Setup ..."> 1) Install AirDroid 2) Set a fixed password. 2) Setup ..." /> Left Your Phone at Home by Mistake? - No Problem | AirDroid Forum | Delight Your Multi-Screen Life

Left Your Phone at Home by Mistake? - No Problem

Thu May 10, 2012 6:24 pm in Other Issues

page 1 / 1
AaronS
OP

Left Your Phone at Home by Mistake? - No Problem

Hey Guys,

I have found a way to access your phone if you leave it home by mistake. I leave mine at home be mistake all the time :\">


1) Install AirDroid
2) Set a fixed password.
2) Setup a Static IP Address for your phone (ether on the phone directly, or by using a DHCP reservation.
3) Setup Port Forwarding and forward port 8888 to your phone IP Address:
4) Setup some sort of Dynamic DNS. I already had this setup, so that part was easy.
5) Access phone by going to your DynamicName:8888


Anyone interested in this? If there is interest, I will do a full writeup with detailed instructions, and maybe a video.


Aaron
AaronS
cinohee
#1

Title

looks very interesting. could you explain how to do this?
cinohee
RRS67
#2

Title

Sounds interesting. Please elaborate further.
RRS67
omsil
#3

Title

omsil
1jbrewer
#4

Title

This setup should not be possible:
http://www.airdroid.com/security.html (see the LAN section)

But if somehow this setup works than please do know that by following the above steps you are allowing the entire internet access to your phone!Normally your NAT router or firewall will block attackers but by doing this you are allowing remote attackers direct access to your phone. In my opinion not the wisest thing to do with beta software that allows you to manage your phone. Especially since it's only a single 5 character code that separates the nasties from being able to access your phone, no username/password combination, just 5 random characters With a small program these are easily guessed within a do-able time period. But don' t just take my word for it:
http://www.lockdown.co.uk/?pg=combi


-Just my 2 cents-
1jbrewer
riccadea
#5

Title

All he's doing is NAT'ing the 8888 port through. On some routers this is called virtual IP or some kind of pass-thru connection.

It's no biggy, and the thing only works as long as you have all of the following conditions set. The AirDroid app is on, the phone is on, the phone is actually on the network, the router is configured, Dynamic DNS is running on either your router or a PC on your home network and it's up to date. As long as you have the password set, I don't see the issue unless there is some kind of exploit like a buffer overflow or something in the AirDroid web server.

If you want to be security anal, you can configure the port as something different and manage the times the port is available. Either way, if you publish anything web side, it's vulnerable to attack.

The only true security is turn the thing off and never turn it back on. Where's the fun in that? ;-)
riccadea
High_Sierra
#6

Title

Not to get too anal or technical, but if you are really worried about security your router/computer should run an SSH server on it, and you should access your entire LAN through just one single hole punched through your firewall. This will also guarantee NAT compatibility since all traffic will tunnel through a device on the LAN and obviously appear local to Airdroid.
High_Sierra
(Sign in or sign up to post a reply.)
page 1 / 1

Statistics

24655 posts

7416 threads

Members: 238739

Latest Member: mammy

Online: 2