Technology

Unpatched security bug in SHAREit can let hackers inject malware


The vulnerabilities were discovered by researchers from Trend Micro, a cyber security firm, who said these can be used to download and steal files from users’ devices.

(Subscribe to our Today’s Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

The popular file sharing app, SHAREit has multiple unpatched vulnerabilities that can be abused to leak users’ sensitive data, and run an arbitrary code by injecting malware which even lead to remote code execution.

The app has over a billion downloads in Google Play and was one of the most downloaded applications in 2019.

The vulnerabilities were discovered by researchers from Trend Micro, a cyber security firm, who said these can be used to download and steal files from users’ devices.

The researchers performed a proof-of-concept to inspect the vulnerability and found that any third-party entity can gain temporary access to the content provider’ data. Once hacked into the folder, attackers can overwrite the existing files in the SHAREit app by crafting a fake file and then performing code execution.

SHAREit has set up links using URL which directs to specific features in the app that can download and install any APK. This feature can be manipulated to install a malicious app and enable remote code execution when the user clicks on a URL.

This can also be done by downloading the APK from an arbitrary URL and install APK under an arbitrary path by using the code through a malicious app locally.

Researchers noted that SHAREit is also vulnerable to a man-in-the-disk attack. When a user downloads the app in the download centre, it goes to the directory. As the folder is an external directory, any app can access it with the SDcard write permission.

Trend Micro revealed the vulnerabilities three months after reporting them to the vendor, who has not responded yet. It suggested that users update and patch mobile operations systems regularly.

You have reached your limit for free articles this month.

Subscription Benefits Include

Today’s Paper

Find mobile-friendly version of articles from the day’s newspaper in one easy-to-read list.

Unlimited Access

Enjoy reading as many articles as you wish without any limitations.

Personalised recommendations

A select list of articles that match your interests and tastes.

Faster pages

Move smoothly between articles as our pages load instantly.

Dashboard

A one-stop-shop for seeing the latest updates, and managing your preferences.

Briefing

We brief you on the latest and most important developments, three times a day.

Support Quality Journalism.

*Our Digital Subscription plans do not currently include the e-paper, crossword and print.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button