
Analysis of multiple vulnerabilities in AirDroid (~50M Android users vulnerable) - evilsocket
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
======
frederikvs
From TFA : "Such requests are encrypted with DES ( ECB mode ) however the
encryption key is hardcoded inside the application itself (thus known to an
attacker)."

The word "however" seems to imply that the first part of the phrase is not a
problem, but the second part is. But DES? Seriously? I thought DES has been
considered unsecure since the 90s. And ECB mode? I thought we all knew you can
see penguins through ECB...

