|    |    |    | Today: 03-Apr-2020 |

AirDroid vulnerability allows hackers to perform Dos attack from your Android device

April 12, 2013 | Posted in News



A vulnerability in AirDroid application which provides wireless management of your Android phone or tablet from any browser on the same Wi-Fi network allow hackers to perform Dos attack from your Android device.

Cross Site scripting or XSS vulnerability in the browser version of AirDroid allows an attacker is able to send a malicious text message to the browser associated with the account when attacker is able to get access to a phone with AirDroid installed.

According to advisory posted by US-Cert, When this message is viewed on the AirDroid web interface an attacker can conduct a cross-site scripting attack, which may be used to result in information leakage, privilege escalation, and/or denial of service on the host computer.

Vulnerability is currently not patched and also AirDroid team didn't annouce any update regarding fix. As a general good security practice, only allow connections from trusted hosts and networks.

Flaw registered as CVE-2013-0134, and restricting access would prevent an attacker from accessing the AirDroid web interface using stolen credentials from a blocked network location.

Taged in: AirDroid, allows, attack, hackers, perform, vulnerability