Millions of users of AirDroid, a device manager app, were left vulnerable to phone data hijacking attacks.
Any attacker could exploit the vulnerability by sending the target a text message from a saved contact that is ‘inserted’ inside the AirDroid interface.
Anyone could be targeted using an innocent-looking contact card (vCard) containing malicious code, sent via any service (MMS/WhatsApp/email/etc.) with a phone number associated with the targeted account.
However, at the end of January 2016, AirDroid released an update that contained a fix for the vulnerability.
Source: https://grahamcluley.com/airdroid-patches-vulnerability-exposed-millions-users-phone-data-hijacking/
TPRM report: https://scoringcyber.rankiteo.com/company/airdroidbusiness
"id": "air121917522",
"linkid": "airdroidbusiness",
"type": "Vulnerability",
"date": "01/2016",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Millions',
'industry': 'Technology',
'name': 'AirDroid',
'type': 'Company'}],
'attack_vector': ['Text message from a saved contact', 'Malicious vCard'],
'data_breach': {'type_of_data_compromised': 'Phone data'},
'date_resolved': 'January 2016',
'description': 'Millions of AirDroid, a device manager app users were left '
'vulnerable to phone data hijacking attacks. Any attacker '
'could exploit the vulnerability by sending the target a text '
'message from a saved contact that is ‘inserted’ inside the '
'AirDroid interface. Anyone could be targeted using innocent '
'contact card (vCard) containing malicious code via any '
'service (MMS/WhatsApp/email/etc.) with a phone number '
'associated with the targeted account.',
'impact': {'data_compromised': 'Phone data',
'systems_affected': 'AirDroid app'},
'motivation': 'Data Theft',
'response': {'remediation_measures': 'Released an update containing a fix for '
'the vulnerability'},
'threat_actor': 'Unknown',
'title': 'AirDroid Vulnerability Leading to Phone Data Hijacking',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'Phone data hijacking via malicious vCard'}