Unpatched Flaws in SHAREit Android App Exposing Millions to Cyber Threats

essidsolutions

Unpatched security vulnerabilities in popular file transfer and content sharing app SHAREit can lead to data theft, arbitrary code execution, and installation of malware, researchers at Trend Micro have discovered. Despite three months having passed since the discovery, SHAREit is yet to apply security patches to its Android mobile app.

In a blog post published this week, Trend Micro revealed that the Android app of SHAREit, a popular file transfer service, features several critical security vulnerabilities that exposed hundreds of millions of SHAREit’s daily active users to various cybersecurity threats for several months.

“We reported these vulnerabilities to the vendor, who has not responded yet,” wrote senior engineers Echo Duan and Jesse Chang at Trend Micro, detailing how the exploitation of these security flaws could allow the execution of malicious code where the app is located on the device. Besides the inherent risk of remote code execution (RCE), vulnerabilities in SHAREit can also lead to man-in-the-middle and man-in-the-disk attacks.

Owned by Singapore-based tech giant Smart Media4U Technology Pte. Ltd., SHAREit enables users to transfer various kinds of files including Android application packages (APK). The app has been downloaded more than a billion times from the Android Play Store, and boasts at least 500 million daily active users across platforms.


SHAREit’s Android app, in which the flaws were discovered, requests a number of privacy-invasive permissions from mobile users such as location, camera, storage, Wi-Fi connection information, contacts, microphone, photos/media/files, device & app history, device ID & call information, phone, and other mobile device permissions.

According to Trend Micro, the vulnerabilities in SHAREit exist due to improperly set up app code access protocols that expose its internal (non-public) as well as external app activities and its download directory, and give a third-party entity temporary read/write access to all device data within the /data/data/<package> folder. Moreover, the external app data and the download directory are unencrypted and can be easily modified by hackers when conducting man-in-the-disk attacks.

The vulnerabilities also allow an attacker to carry out a man-in-the-middle attack by downloading and installing malicious APK files from an arbitrary URL, which can lead to remote execution of arbitrary code, among other outcomes.
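A defender can check an app's decoded AndroidManifest.xml for the two misconfiguration classes described above: components reachable by other apps, and providers that hand out temporary read/write URI grants. This is an added example, not Trend Micro's or SHAREit's code; the manifest, the package `com.example.transfer` and the function names are constructed for illustration, and mapping the article's description to `android:exported` and `android:grantUriPermissions` is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
GUARDS = ("permission", "readPermission", "writePermission")

# Constructed manifest for a hypothetical app; not taken from SHAREit.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.transfer">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
    <activity android:name=".InternalInstallActivity">
      <intent-filter><action android:name="com.example.transfer.INSTALL"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <provider android:name=".FilesProvider" android:authorities="com.example.transfer.files"
        android:exported="false" android:grantUriPermissions="true"/>
    <provider android:name=".OpenProvider" android:authorities="com.example.transfer.open"
        android:exported="true"/>
  </application>
</manifest>"""

def is_launcher(node):
    return any(c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
               for c in node.iter("category"))

def audit_manifest(xml_text):
    """Return (component, reason) pairs for activities and providers worth reviewing."""
    findings = []
    for node in ET.fromstring(xml_text).find("application"):
        if node.tag not in ("activity", "provider"):
            continue
        name = node.get(ANDROID + "name")
        exported = node.get(ANDROID + "exported")
        guarded = any(node.get(ANDROID + g) for g in GUARDS)
        if node.tag == "activity":
            # With no explicit value, an intent-filter exports the activity
            # for apps targeting SDK levels below Android 12.
            implied = exported is None and node.find("intent-filter") is not None
            if implied and not guarded:
                findings.append((name, "implicitly exported"))
            elif exported == "true" and not guarded and not is_launcher(node):
                findings.append((name, "exported without permission"))
        else:
            if exported == "true" and not guarded:
                findings.append((name, "exported without permission"))
            if node.get(ANDROID + "grantUriPermissions") == "true":
                findings.append((name, "grants temporary URI access; review shared paths"))
    return findings
```

Each finding is a prompt for manual review rather than proof of a flaw: an activity may be exported on purpose, and a URI-granting provider is only a problem when the paths it shares cover more than the files meant to be shared.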

“The vulnerabilities can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE),” the researchers said.

“In the past, vulnerabilities that can be used to download and steal files from users’ devices have also been associated with the app. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws.”


Commenting on the discovery of multiple high-severity flaws in the SHAREit Android app, Michael Barragry, operations lead at Edgescan, told Toolbox that it’s disappointing that the application developers failed to fix these issues after such a long period, especially given the severity of the issues.

“Remote Code Execution (RCE) vulnerabilities are amongst the most critical in terms of risk, as they can lead to total compromise of the device on which they are present. It goes without saying that the disclosure of these issues in this manner and the lack of responsiveness from the developers offers very poor optics.

“General security recommendations are usually centred around ensuring updates/patches are in place – however in this case since no patch is available, therefore users need to consider avoiding the app altogether or maybe even contend with the possibility that their device may have already been compromised,” he added.

This is not the first time SHAREit has been marred by concerns regarding the safety of user and device data. In December 2017, security firm Redforce discovered two critical security vulnerabilities in the SHAREit Android app: one that allowed hackers to bypass the device authentication mechanism, and another that enabled authenticated attackers to download arbitrary files from users’ devices.
