Homepage‎ > ‎

2. Attack AirDroid

AirDroid (www.airdroid.com) is a top-ranked app on the market that allows users to access and manage their mobile devices wirelessly from desktop by opening a server on the phone. It is a preinstalled app on Samsung Chromebook and Smartisan phone. And it provides a rich set of functionality such as accessing camera and installing app remotely. It employs the state-of-the-art technique to protect its open port functionality, which is incoming client notification.  The app pops up window showing the client IP address every time when there is incoming request. 

We show that remote attacker can still exploit all the functionality by hijacking the authentication process of the legitimate connection.  The vulnerability is assigned CVE id: CVE-2016-5227

The demo shows that with a collaborative on-device malware with only Internet permission inferring the timing of legitimate incoming connection, a remote attacker can hijack the authentication process of the legitimate connection by sending request to the port at right timing. When user clicks to allow legitimate client, remote attacker is granted access instead. Highly-sensitive functionalities such as open camera, add contact, open URL, and install apps are thus exposed to remote attacker. 

YouTube Video