Posted on February 18, 2021 at 10:54 AM
Security researchers have seen several vulnerabilities in the popular SHAREit application. According to the report, threat actors can abuse the vulnerability to expose sensitive user information and execute arbitrary codes with SHAREit permissions.
The app has also been linked in the past with bugs that can be utilized to download and steal files from users’ devices.
The bugs linked to these features are generally unintended vulnerabilities, even though the app enables the transfer of different files such as the Android Package (APK).
The app has received a lot of backlash due to the series of vulnerabilities discovered in the app.
The bug can lead to Remote Code Execution
Jesse Chang and Echo Duan at Trend Micro reported that the app can also be exploited which can potentially lead to Remote Code Execution (RCE).
The researchers said the vulnerabilities were reported to the vendor and nothing was done about them immediately.
“We reported these vulnerabilities to the vendor, who has not responded yet,” the researchers said.
They added that they decided to disclose the research so that those who are affected by the vulnerabilities can correct them and update their devices. The vulnerabilities are critical because threat actors can steal users’ information and perform different actions with the app. Also, the fact that the app is not easy to detect makes it very dangerous, according to the analysts.
Burak Agna, an engineer at mobile security solutions provider Lookout, stated that the native security capabilities of mobile devices are lagging. As a result, they have become the major target for cybercriminals.
SHAREit is one of the most downloaded apps in 2019
The researchers carried out a proof-of-concept to inspect the vulnerability and find out whether a third-party can gain access to the data of the content provider.
After hacking into the folder, the threat actors can overwrite the files in the SHAREit app when they create a file and carry out a code execution.
SHAREit placed links using a URL that directs to certain features in the app which can easily download and install any APK.
Threat actors can manipulate this feature and install a malicious app, enabling remote code execution when the user taps the URL.
The app claims to have a billion downloads from Google PlayStore and was one of the most downloaded apps in 2019.
Vulnerability still exists
The security analysts also stated that SHAREit is susceptible to a man-in-the-disk attack. After the user has finished downloading the app from the download center, it can be sent to the directory. The feature can open access for any app with the SDcard write permission since any app can access it.
Google has done something to limit the impact of the vulnerability and the frequency of attacks on users.
Google removed user access to the Android operating system. The tech giant has offered organizations the ability to use Android Enterprise to manage mobile fleets.
But there is still a window of opportunity for the attackers since there is no patch yet to address the issue even after the vulnerability has been disclosed.
And if mobile security is absent, it will be very difficult for business organizations to address the gap. That means they have to depend on their workers to update the systems when patches to the vulnerability are available. According to the security researchers, this is certainly not a good strategy since the threat actors can strike at any time.
Finding the right solution
The security researchers have advised organizations to develop their own malicious app detecting tools to help them limit the risk of attacks on their systems. Additionally, the security and IT teams need to run mobile app risk analysis before allowing employees to use the app.
The researchers advised that IT heads need to do more than merely managing devices if they want to prevent incessant attacks through vulnerable devices.
They warned that mobile devices are one of the most vulnerable access points for threat actors, and more cybercriminals are increasing their attacks on these devices. Patches to the vulnerabilities may not arrive on time, so the organization has to put measures in place to protect their system, the researchers concluded.