AirDroid App Full Phone Takeover Vulnerability Fixed

Hey guys, I’m posting here just for record keeping but a vulnerability I found in the Android app AirDroid has been patched and now been made public. See this blog post for more:

http://www.bishopfox.com/blog/2015/04/airdroid-how-much-do-your-apps-know/

Technical Advisory: http://www.bishopfox.com/news/2015/04/airdroid-web-application-authentication-flaw/

Video of exploit in action:

Matthew Bryant (mandatory)

Matthew Bryant (mandatory)
Security researcher who needs to sleep more. Opinions expressed are solely my own and do not express the views or opinions of my employer.