AirDroid Exploit Demo

A vulnerability in the AirDroid application’s web interface made it possible for an attacker to essentially hijack a user’s phone. This video highlights the vulnerability’s implications and how an app’s permissions can become too pervasive.

Transcript

This is the AirDroid exploit demonstration. The victim first clicks on the attacker's link while being logged into the AirDroid service. The exploit then runs taking full control over the AirDroid app and all of its functionality. The attacker then sends a text message from the victim to the victim. The phone's camera is also hijacked, which can be used to remotely monitor the user silently. What permissions do your apps have?

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.