It wouldn’t be the first time that both the Android OS and the Google Play Store have run into trouble, either. SHAREit is a multi-purpose cross-platform sharing app that promises “ high transfer speeds & free online feeds“. It is developed and distributed by Barcelona-based Softonic. Information on their website states that they are the global leader in software and app discovery. Their SHAREit app claims to be the “fastest in the world” with the ability to “transfer all types of files” with an included “powerful” media player. SHAREit brings in over 1 billion installations and hosts hundreds of millions of active users. Mobile cybersecurity researchers Jesse Chan and Echo Duan of Trend Micro warned of a serious vulnerability within the SHAREit app.Īpparently, researchers were aware of the vulnerability for months and have relayed it to the app maker Softonic and Google. Furthermore, the research team decided to delay news of their findings, possibly to protect the public. The app maker has not responded to the research team in the meantime. The now ongoing SHAREit flaw contains the following elements This is not the first time SHAREit has faced such vulnerabilities, as user files were shown to be at risk of theft and misuse in February 2019 (version 4.0.38). A vulnerability that may lead to Remote Code Execution (RCE).A vulnerability that can lead to user data leakage and code execution via SHAREit permissions.The app is connecting to risky third-party sources.Singapore-based developer Smart Media4U Technology PTE. LTD., have as of yet not officially patched SHAREit, despite being aware of the issue. SHAREit update version history does not show the issue as being addressed. These vulnerabilities can be exploited by cybercriminals with the use of ‘malicious’ software or code. Cybercriminals can exploit RCE bugs to extract user data by ‘tricking’ the app. The ability to launch a man-in-the-disk ( MiTD) attack is also possible due to the above flaws. TREND MICRO SHAREIT 1B FULLĪnother vulnerability is that the compromised app allows third parties full control and a backdoor into storage shared by other apps on Android devices, effectively putting the user’s personal data at risk. Interestingly, Google is still hosting the app on their Play Store. App maker Softonic has also not posted any information regarding the vulnerability on their website, the Google Play Store, or Twitter. There is an active Reddit discussion regarding the SHAREit case. Researchers at Trend Micro have released their Proof-of-Concept (POC) data, and as such SHAREit has been deemed no longer safe to use. Safety RecommendationsĬybersecurity issues on the Android platform are certainly not a new occurrence. TREND MICRO SHAREIT 1B SOFTWAREĪndroid is by far the most popular mobile OS out there, and due to its far-reaching use, distribution, and extremely high number of global users, security threats and software vulnerabilities are very common.Cybersecurity experts have discovered a popular Android app riddled with vulnerabilities has been download one billion times. SHAREit is used to share files between Android users and devices.Īn attacker can exploit the permissions on SHAREit mobile app to leak sensitive data and remotely execute malicious code. SHAREit is owned by Smart Media4U Technology Pte.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |