Business leaders should be aware that vulnerabilities in an app could leave millions of Android users at risk of a man-in-the-middle (MitM) attack that can lead to information leakage and remote hijacking.

Researchers at Zimperium discovered that remote management tool AirDroid sends authentication information to a statistics server through unsecure communication channels. This enables cybercriminals to use the app’s functionality against device owners and facilitate MitM attacks.

The news has potential implications for users around the world, since AirDroid has an estimated user base of between 10 and 50 million devices, according to the Google Play Store. IT managers should see the news of a potential MitM attack as another reason to check the relevance of their security policies and mobile strategies.

Android Users at Risk

AirDroid sends the device authentication information to its statistics server through communication channels and encrypts it with Data Encryption Standard (DES) in the Electronic Codebook (ECB) mode, researcher Simone Margaritelli explained on the Zimperium blog. The problem is that fraudsters are able to access the encryption key since it’s hardcoded into the app. A nefarious actor on the device’s network could launch a MitM attack to steal authentication data and impersonate the victim for future requests.

A MitM attack is one where an attacker secretly relays and possibly alters the interaction between two parties. In this case, Margaritelli explained, an attacker could alter the response to the /phone/vncupgrade request. The app typically uses this request to scan for updates.

Don’t Snooze on MitM Attacks

The news will be of interest to IT and security managers in organizations that are evaluating the relative strengths of different mobile operating systems and devices, such as smartphones running Android and Apple devices running iOS.

According to InfoWorld, iPhones account for roughly 70 to 90 percent of devices used in the enterprise. Executive editor Galen Gruman advised businesses to hold back on Android due to security concerns, lack of application choices and the diffuse nature of the operating system.

However, more organizations are allowing workers to embrace bring-your-own-device (BYOD) or choose-your-own-device (CYOD) policies, ZDNet reported. To properly serve all employee types, enterprise mobility leaders must support both BYOD and CYOD and include corporate-owned, privately enabled elements.

MitM Mitigation

Margaritelli advised AirDroid users to use HTTPS channels exclusively, double-check the remote public key and always use digital signatures when updating. Additionally, users should adopt safe key exchange mechanisms instead of relying on encryption keys hardcoded within the app.

After Margaritelli persistently alerted the vendor of the exploit in May, the company issued updated versions 4.0.0 and 4.0.1. No security patch was issued, however. Margaritelli advised AirDroid users to uninstall the app until the vendor issues a fix.

More from

Is It Time to Start Hiding Your Work Emails?

In this digital age, it is increasingly important for businesses to be aware of their online presence and data security. Many companies have already implemented measures such as two-factor authentication and strong password policies – but there is still a great deal of exposure regarding email visibility. It should come as no surprise that cyber criminals are always looking for ways to gain access to sensitive information. Unfortunately, emails are a particularly easy target as many businesses do not encrypt…

2022 Industry Threat Recap: Finance and Insurance

The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…

And Stay Out! Blocking Backdoor Break-Ins

Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses…