Application Security , Fraud Management & Cybercrime , Fraud Risk Management

File-Sharing App SHAREit for Android Has Remote Code Flaw

Trend Micro: Users Face Risk of Data Theft
File-Sharing App SHAREit for Android Has Remote Code Flaw
SHAREit Android App listing on Google Play

A remote code vulnerability in the Android version of the file-sharing app SHAREit could allow hackers to tamper with the app's permissions, enabling them to steal sensitive data, security firm Trend Micro reports.

See Also: Close the Gapz in Your Security Strategy

SHAREit, developed by the Serbia-based app maker of the same name, is a cross-platform sharing app that has had 1 billion downloads to mobile phones. Trend Micro, which informed the app maker about the flaw three months back, says the company has yet to respond. The Android version of the app is currently unavailable for download from the Google Play store.

App Vulnerability

Trend Micro discovered the vulnerability in the broadcast component of the file-sharing app.

A proof-of-concept hack by the researchers showed attackers could exploit the vulnerability to access downloaded information. They could tamper with the app's permissions to steal sensitive data about how the SHAREit app was being used.

"Even worse, the developer specified a wide storage area root path. In this case, all files in the /data/data/ folder can be freely accessed," the report notes.

In addition, attackers can use this control over permissions to install an Android Package Kit that can be used to insert a malicious app and perform man-in-the-middle attacks, Trend Micro reports.

Attackers could exploit the vulnerability in multiple ways, says Burak Agca, engineer at security firm Lookout. "The attackers still have a window of opportunity presented by the gap between disclosure of app or device vulnerabilities and delivery of a patch to address the issue," Agca says. "Without mobile security in place, it's impossible for organizations to address this gap."

IT and security teams should run a risk analysis before deploying any mobile app, Agca says. "This incident is a classic example of how a vulnerable app can lead to the entire mobile device being compromised," he says. "At the very least, this could lead to corporate data loss. However, a more advanced attack could compromise even more."

Android Threats

Hackers and advanced persistent threat groups have been increasingly targeting Android users for cyberespionage and other malicious activities.

This month, researchers at security firm Netlab identified a previously undocumented botnet dubbed "Matryosh" that targeted vulnerable Android devices to help build its network so it can conduct distributed denial-of-service attacks (see: Recently Uncovered Botnet Targets Android Devices).

In December, security firm ReversingLabs identified a new variant of Iranian-linked Android spyware with fresh capabilities, including the ability to snoop on private chats on Skype, Instagram and WhatsApp (see: Iranian-Linked Android Spyware Sneaks Into Private Chats).

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.