Airdroid, the popular wireless phone-to-PC connection tool, might have some semi-serious security vulnerabilities at the moment that are worth looking into if you use the service. Keep in mind, though, that a fix is said to be in the works, one that could be ready within 2 weeks.
What’s the deal, and should you be worried as an Airdroid user? (And yes, this is an app that has been downloaded millions of times.) According to a report published by Zimperium, Airdroid has an issue in that it “relies on insecure communication channels in order to send the same data used to authenticate [a] device to their statistics server.” In other words, your device could be at risk of an attack while you are on an insecure network or one that has a “malicious” party on it.
As is almost always the case with these reports, that means your home and work networks are almost guaranteed to be fine to use with Airdroid today and forever. However, the network at Starbucks, your local bar, or your Hackers Anonymous Group should probably be avoided until a fix arrives.
What could a “malicious” party do through Airdroid? The details here are all sorts of hacker-speak, but the basics are that the bad guys would use a man-in-the-middle (MITM) attack to snatch authentication info and then impersonate your device to gather more info. They could even trick Airdroid into allowing a dangerous .apk package to arrive for installation, which would obviously be really bad.
Zimperium says that they informed Airdroid of the issue back in May, followed up a bunch, and, even through multiple updates to Airdroid, still show the service as being vulnerable today. Airdroid responded this morning by saying that they are aware of the issue, yet because of the drastic changes that need to be made to fully wipe out these vulnerabilities, it has taken them a long time to get there. (Or maybe because they were too excited to release Airdroid 4 instead of caring about security?)
Either way, Airdroid says that they “have worked tirelessly” and stretched their capabilities “to the max” in order to get a fix out. They expect, at least as of today, to push an update “within two weeks” to fully secure Airdroid.