SHAREit was also one of 60 Chinese apps barred late last year in India. Notably, the Android application has been downloaded more than one billion times.
This indicates that any third-party entity can still gain temporary read/write access to the content provider's data. Even worse, the developer specified a wide storage area root path. In this case, all files in the /data/data/ folder can be freely accessed. We discovered vulnerabilities in the SHAREit application. The following code from our POC reads WebView cookies. These vulnerabilities can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution. This can also be used to write any files in the app’s data folder. In other words, it can be used to overwrite existing files in the SHAREit app.
The Android file-sharing app SHAREit, which has been downloaded over 1 billion times in the Google Play Store, contains several unpatched vulnerabilities that can be abused by hackers to leak sensitive data of its users. File-sharing app SHAREit has several security flaws exposing users to the risk of remote code execution and sensitive data leaks. The bugs can be exploited to run malicious code on smartphones where the SHAREit app is installed, according to a new report by cyber security firm Trend Micro. ShareIt has major security issues even though it's one of the most popular apps in the ecosystem, boasting over a billion downloads from Google's Play Store. Trend Micro disclosed the security flaw after auditing one of the most popular Android file-sharing apps with over a billion downloads on the Google Play Store. Android malware is nothing new for fans of Google's mobile operating system, but a set of newly discovered vulnerabilities in a popular app called ShareIt.
Now banned in India, SHAREit was one of the most downloaded applications in 2019, which means millions of Indian users may also be at risk of data leaks. "We discovered several vulnerabilities in the application named SHAREit. The vulnerabilities can be abused to leak a user's sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app," said Echo Duan, a security researcher with Trend Micro. "They can also potentially lead to Remote Code Execution (RCE). In the past, vulnerabilities that can be used to download and steal files from users' devices have also been associated with the app," he said in a statement late on Monday. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws. The security researchers have reported these vulnerabilities to the vendor, who has not responded yet. "We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps' permission. It is also not easily detectable," Trend Micro elaborated.
SHAREit was part of the first lot of 59 Chinese apps that were temporarily banned in India in June last year. The latest version, released on February 8, 2021, is still insecure. In January, the Union Government decided to permanently ban those 59 Chinese mobile applications. SHAREit remains in the Play Store, which Trend Micro says it also notified. 24, 2021 /PRNewswire/ - SHAREit today issued a statement regarding Trend Micro's updates on its earlier reports, which says they have acknowledged that the vulnerabilities.
"Security should be a top consideration for app developers, enterprises, and users alike. For safe mobile app use, we recommend regularly updating and patching mobile operating systems and the apps themselves," Trend Micro said.