Developers of SHAREit application with billion of installations were unable to fix vulnerabilities for three months

SHAREit application vulnerabilities
Written by Emma Davis

Trend Micro has published a report highlighting several serious vulnerabilities in the popular Android SHAREit file sharing application.

This solution allows users to share files with friends or transfer files between personal devices, and according to official statistics, it has been downloaded over 1,000,000,000 times.

According to the researchers, bugs in the application can be used to run malicious code on users’ smartphones.

The main problem is the lack of proper restrictions on who can use the application code. In essence, malicious applications installed on a user’s device or malefactors performing a man-in-the-middle attack can send malicious commands to the SHAREit application. As a result, its legitimate functions will be used to run arbitrary code, overwrite local files, or silently install third-party applications.Trend Micro researchers told.

In addition, the application was found to be vulnerable to Man-in-the-Disk attacks, first described by Check Point experts in 2018. This problem lies in the fact that many applications can use external storage, sharing space with other applications. As a result, data can be deleted, edited or altered by intruders.

Unfortunately, all of these SHAREit issues have not been fixed yet because Trend Micro was unable to contact the application developers.

We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the appsโ€™ permission. It is also not easily detectable.Trend Micro researchers explained.

The report emphasizes that the issues do not pose a threat to the iOS version of SHAREit, as this version of the app builds and runs on a different codebase.

Recommendations:

Security should be a top consideration for application developers, enterprises and users. To use the mobile app safely, Trend Micro recommends installing regular updates and patching mobile operating systems and the app itself. Users should also be aware of issues by reading reviews and articles about downloadable applications.

Let me remind you that the ransomware masked itself as a beta version of Cyberpunk 2077 for Android.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.