The AirDroid device manager app contained a flaw that put approximately 50 million users at risk of phone data hijacking. How does the vulnerability work, and besides patching the AirDroid app, what other measures can security teams take to avoid data hijacking?

AirDroid is a popular Android device manager application that allows users to remotely access and control their Android phone or tablet from their computer. Using the AirDroid app, users can manage SMS, email, WhatsApp messages, files, contacts, photos and other data directly from their desktop. The Android device can either be directly connected to the desktop or in some other location. While researching the app, Check Point found a vulnerability that would allow an attacker to take control of the Android device.

To exploit the vulnerability, an attacker needs to know their victim's phone number. Once they have this, all they need to do is send a specially crafted vCard, designed to look like a legitimate contact, to the target via SMS, email or WhatsApp. Malicious code can be hidden in the vCard's name field. If the victim accepts and saves the vCard using the AirDroid desktop client, the attacker then sends a text message from the fake contact. When the victim reads the message using the AirDroid app, the malicious code is loaded and executed inside the AirDroid webpage. This gives the attacker a valid session token with which to exploit the AirDroid app's APIs and its PC-to-mobile synchronization abilities, enabling them to collect and extract data from the phone or do anything else the AirDroid app can, such as sending SMS messages.

This isn't the first vulnerability associated with contact cards being shared among users. Check Point found that WhatsApp Web, the web-based extension of the WhatsApp phone app, allowed attackers to compromise a victim's computer by sending them a vCard containing malicious code.

AirDroid released an updated version of their app that contains a fix for the vulnerability in January and network administrators need to ensure that users have it installed. This is best done using a mobile threat prevention or mobile device management solution like those from Check Point, ESET, FireEye and other antivirus vendors. These products allow IT managers to monitor the patching of their mobile environment and alert users who are at risk from unpatched vulnerabilities. Security awareness training should promote the best practice of always entering contact details by hand and never accepting an unexpected vCard, or one from an unknown number or contact.

Ask the Expert: Want to ask Michael Cobb a question about application security? Submit your questions now via email.
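As an added example (not code from the original article, Check Point or AirDroid), the JavaScript below sketches the defensive side of the name-field issue described above: it unfolds and parses a vCard, flags name fields that contain angle brackets, and HTML-encodes them before a web client renders them. The function names, the list of screened fields and the sample cards are assumptions constructed for illustration.

```javascript
// Added example: screen the display-name fields of a vCard before a web client renders them.
const NAME_FIELDS = new Set(["FN", "N", "NICKNAME", "ORG"]); // assumed set of rendered fields

// HTML-encode every character that could turn a text value into markup.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "`": "&#96;" };
  return value.replace(/[&<>"'`]/g, (ch) => map[ch]);
}

// RFC 6350 folding: a line break followed by a space or tab continues the previous line,
// so a tag can be split across lines; unfold before inspecting anything.
function unfold(text) {
  return text.replace(/\r?\n[ \t]/g, "");
}

function screenVCard(text) {
  const findings = [];
  const safe = {};
  for (const line of unfold(text).split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx < 0) continue;
    // Drop parameters (";CHARSET=...") and any group prefix ("item1.FN").
    const name = line.slice(0, idx).split(";")[0].split(".").pop().toUpperCase();
    if (!NAME_FIELDS.has(name)) continue;
    const value = line.slice(idx + 1);
    // Angle brackets have no place in a contact name: flag the card for review.
    if (/[<>]/.test(value)) findings.push({ field: name, value });
    // Encode regardless of the flag; rendering must never depend on the filter alone.
    safe[name] = escapeHtml(value);
  }
  return { suspicious: findings.length > 0, findings, safe };
}

// Constructed sample cards (not real contacts). The first hides markup in a folded FN line.
const SAMPLE_BAD = [
  "BEGIN:VCARD",
  "VERSION:3.0",
  "FN:Alice <scr",
  " ipt>/* constructed placeholder */</script>",
  "TEL:+10000000000",
  "END:VCARD",
].join("\r\n");
const SAMPLE_GOOD = "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Bob O'Neil\r\nEND:VCARD";

console.log(screenVCard(SAMPLE_BAD), screenVCard(SAMPLE_GOOD));
```

The legitimate name with an apostrophe is not flagged but is still encoded, which is the property that matters at render time.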