December 5, 2016 By Mark Samuels 2 min read

Business leaders should be aware that vulnerabilities in an app could leave millions of Android users at risk of a man-in-the-middle (MitM) attack that can lead to information leakage and remote hijacking.

Researchers at Zimperium discovered that remote management tool AirDroid sends authentication information to a statistics server through unsecure communication channels. This enables cybercriminals to use the app’s functionality against device owners and facilitate MitM attacks.

The news has potential implications for users around the world, since AirDroid has an estimated user base of between 10 and 50 million devices, according to the Google Play Store. IT managers should see the news of a potential MitM attack as another reason to check the relevance of their security policies and mobile strategies.

Android Users at Risk

AirDroid sends the device authentication information to its statistics server through communication channels and encrypts it with Data Encryption Standard (DES) in the Electronic Codebook (ECB) mode, researcher Simone Margaritelli explained on the Zimperium blog. The problem is that fraudsters are able to access the encryption key since it’s hardcoded into the app. A nefarious actor on the device’s network could launch a MitM attack to steal authentication data and impersonate the victim for future requests.

A MitM attack is one where an attacker secretly relays and possibly alters the interaction between two parties. In this case, Margaritelli explained, an attacker could alter the response to the /phone/vncupgrade request. The app typically uses this request to scan for updates.

Don’t Snooze on MitM Attacks

The news will be of interest to IT and security managers in organizations that are evaluating the relative strengths of different mobile operating systems and devices, such as smartphones running Android and Apple devices running iOS.

According to InfoWorld, iPhones account for roughly 70 to 90 percent of devices used in the enterprise. Executive editor Galen Gruman advised businesses to hold back on Android due to security concerns, lack of application choices and the diffuse nature of the operating system.

However, more organizations are allowing workers to embrace bring-your-own-device (BYOD) or choose-your-own-device (CYOD) policies, ZDNet reported. To properly serve all employee types, enterprise mobility leaders must support both BYOD and CYOD and include corporate-owned, privately enabled elements.

MitM Mitigation

Margaritelli advised AirDroid users to use HTTPS channels exclusively, double-check the remote public key and always use digital signatures when updating. Additionally, users should adopt safe key exchange mechanisms instead of relying on encryption keys hardcoded within the app.

After Margaritelli persistently alerted the vendor of the exploit in May, the company issued updated versions 4.0.0 and 4.0.1. No security patch was issued, however. Margaritelli advised AirDroid users to uninstall the app until the vendor issues a fix.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today