The popular Android app AirDroid, which lets users organize their lives by providing the remote ability to send text messages, edit files, manage other apps and perform GPS tracking, suffers from a serious authentication flaw that allows attackers to take control of a user's activities.
The flaw can be exploited to take photos of the victim via the phone’s camera, track the victim via GPS or harass the victim’s friends and family via contacts. Anything that the app has permission to access can be accessed by the remote attacker.
The mode of attack is very simple: the attacker sends an innocent-looking link to the user which, if clicked, leads to the attacker's webpage. The attacker thus assumes control over the user's phone and can activate the phone's camera to take photos of the user and taunt the user.
This bug has now been fixed, but the security risk it posed raises questions about how much an app should be permitted to know.
Often, for the sake of convenience, we offer personal information to apps, thus compromising our security. The long list of permissions that an app asks for is also cumbersome for many users to scan through, so they just hit agree. One never knows how many vulnerabilities are lurking in the apps we freely download and use, or how those vulnerabilities can be exploited to take over our daily activities. One must be careful about what one agrees to during installation.
Constant vigilance is the key.