Furthermore, researchers revealed that they have also shared their findings with Google. If you are a SHAREit user, the PrivacySavvy security team would suggest you either uninstall the application or ensure that you have strengthened your Android security at the very best. And the worst thing is, most of those flaws are almost impossible for the victims to detect. To conclude, the famous file-sharing application seems unprotected and contains several flaws. For instance, they are fetching Android Packages (APK) files via URLs that only use the HTTP protocols and sources that are even outside of the Android Play Store. The researchers further revealed that the application is also ensuing risky practices. The attackers can then overwrite the applications’ local files or install irrelevant applications without the user knowing about the process. Severe vulnerabilities found in SHAREitĪccording to the researchers, the absence of restriction coding in the application’s code is the leading cause of these vulnerabilities.īecause of this, any app with malicious codes or a hacker can seize SHAREit core features to run custom code on the target’s device via MITM (man-in-the-middle) network assault. It is also worth noting that such vulnerabilities are not present on the application’s iOS version, where there is an entirely different coding structure. The same SHAREit media player works for pictures, too. Moreover, the application also presents its users with an impressive media player that lets them enjoy movies, videos, and music. The content-sharing app has more than 1.8 billion active users across 200 countries. The China-based application was among the top ten most downloaded apps in 2019. SHAREit is an infamous application that lets users share their files among multiple devices at a swift transmission speed. The researchers gave SHAREit three months to fix it before making their report public. Remote Code Execution (RCE) bugs can let cyber attackers run malicious codes to extract the sensitive information of users if injected into a device.Īccording to the report published by researchers, the SHAREit app’s authorities are aware of the vulnerabilities, but the developers are yet to fix the problem as of Feb 21, 2021. Even though Google knows about the vulnerabilities, the application is still available on the Play Store.Ĭybersecurity researchers from Trend Micro, Echo Duan, and Jesse Chan have detected many RCE vulnerabilities in the famous Android application, SHAREit.The iOS users of the application are safe. The bugs impact the app’s Android version only.SHAREit has various RCE bugs unpatched for the past three months.Google could, technically, remove SHAREit from the Play Store if it is found to be compromising users’ privacy. Trend Micro also shared the findings with Google, though it is unclear what the company’s response was. At this point, unless SHAREit fixes the issues, it would be best for users to delete the app and its accompanying files from their phone. However, the firm said it didn’t receive a response from the company in over three months and hence decided to disclose it on their website. The vulnerabilities were found by security firm, Trend Micro, who first reported them to the company itself. Attackers can exploit such a vulnerability to steal user data or spy on people who use such apps. It leaves them open to deletion, modification and replacement. These happen when the resources of an app are stored without proper security measures, at shared locations on the disk. The app also leaves users open to man in the desk attacks, which were first found back in 2018. The bugs in the app could be used to run malicious code on smartphones, send unwanted commands and perform a man-in-the-middle attack, which is where attackers intercepts messages and other data by putting themselves between the victim and a server where data is being sent to.Īccording to the report, the cause of the vulnerabilities were lack of restrictions on who can access the app’s code. While file sharing has moved to the cloud for many, SHAREit remains a popular application, especially in countries like India. The vulnerabilities affected the Android version of SHAREit, which had been downloaded over a billion times across the world. Formerly Lenovo owned data sharing app, SHAREit, has multiple unpatched vulnerabilities that the app makers failed to fix for over six months, says a new report.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |