An Android app used by a significant portion of the global population also has glaring security flaws that would allow a skilled hacker to steal a user’s data or even hijack the app’s operations using arbitrary code.
ShareIt, which claims to have more than 1 billion global downloads, is the product of the Singapore developer Smart Media4U. Its main feature is peer-to-peer file sharing, which gives users the ability to exchange photos, music, videos and applications. The app, which has been on an upward trajectory in recent years, has gained recognition for rapid growth and global coverage.
But apparently it also has software vulnerabilities that would allow a malicious actor to easily leak a user’s data or even execute arbitrary code by abusing ShareIt’s permissions, according to a new report from Trend Micro.
The report shows that one of the main vulnerabilities of the application comes from the way it shares information and permissions with other applications. Indeed, because of the way Android phones are configured to share information between different programs, the platform has a history of bad actors trying to exploit inter-application communication for malicious purposes. Specifically, “bad applications,” or programs run secretly by a bad actor, can look for ways to access data from legitimate applications.
ShareIt is essentially configured to open its doors wide to other applications when it comes to exchanging data through the content provider interface. According to the researchers, these vulnerabilities could allow “any third party” to “gain temporary read / write access to [app’s] content provider data.” This would essentially allow the application to be hijacked to run “custom code, overwrite local application files, or install third-party applications without the user’s knowledge,” notes ZDNet.
Trend Micro researchers discovered this vulnerability by trying it themselves. By manipulating the way apps in the Android ecosystem talk to each other, they found that the ShareIt application would share too much information, revealing “the arbitrary activities of a user, including ShareIt’s internal (non-public) and external activities of the applications.” In various ways, these security flaws could eventually be “abused to leak sensitive user data and execute arbitrary code with ShareIt permissions,” the researchers write.
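A developer can check an app's own manifest for the kind of over-broad content provider sharing described above. The following Python code is an added example, not code from Trend Micro's report or from ShareIt; the manifest, package and provider names are constructed, and it assumes the manifest has already been decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for a hypothetical app; not taken from any real APK.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fileshare">
  <application>
    <provider android:name=".OpenProvider" android:exported="true"
        android:authorities="com.example.fileshare.open"/>
    <provider android:name=".HalfGuardedProvider" android:exported="true"
        android:authorities="com.example.fileshare.half"
        android:readPermission="com.example.fileshare.READ"/>
    <provider android:name=".FileProvider" android:exported="false"
        android:authorities="com.example.fileshare.files"
        android:grantUriPermissions="true"/>
    <provider android:name=".GuardedProvider" android:exported="true"
        android:authorities="com.example.fileshare.db"
        android:permission="com.example.fileshare.ACCESS"/>
  </application>
</manifest>"""

READ_OPEN = "exported: any app can read"
WRITE_OPEN = "exported: any app can write"
GRANT_ALL = "temporary URI grants can cover all provider data"

def audit_providers(manifest_xml):
    """Map provider name -> findings for providers that share too broadly."""
    report = {}
    for prov in ET.fromstring(manifest_xml).iter("provider"):
        def attr(name):
            return prov.get(ANDROID + name)
        # Assumption: a missing android:exported counts as "false", the
        # default for providers on current target SDK levels.
        exported = attr("exported") == "true"
        # android:permission guards both directions; the read/write
        # variants guard one direction each.
        read_guard = attr("readPermission") or attr("permission")
        write_guard = attr("writePermission") or attr("permission")
        findings = []
        if exported and not read_guard:
            findings.append(READ_OPEN)
        if exported and not write_guard:
            findings.append(WRITE_OPEN)
        if attr("grantUriPermissions") == "true":
            findings.append(GRANT_ALL)
        if findings:
            report[attr("name")] = findings
    return report
```

A provider flagged for URI grants is not necessarily flawed, but every code path that hands out a grant for it deserves review, since the grant bypasses the provider's normal permission checks.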
Probably the worst thing about the whole report is that Trend Micro says it shared these security issues with Smart Media4U about three months ago and that apparently the company did nothing. The report concludes:
We have reported these vulnerabilities to the provider, which has not yet responded. We decided to disclose our research three months after the report, as many users could be affected by this attack, as the attacker can steal sensitive data and do anything with the permission of applications.
Also, this is not the first time that ShareIt has been reported as a security risk. The app was actually blacklisted by the U.S. in January, when a vague White House executive order from Trump included it as one of several “Chinese-connected” apps that Americans should stay away from, for fear of where their data might end up. On his way out the door, Trump issued a lot of such orders aimed at the Asian technology sector, most of which seemed designed to antagonize and isolate Chinese companies. The order proclaims:
The United States has estimated that a number of Chinese connected software applications automatically capture large packets of information from millions of users in the United States, including sensitive personal identification and private information. At this time, steps must be taken to address the threat posed by these Chinese connected software applications …
A lot of Americans are unlikely to actually use ShareIt. Industry outlets seem to indicate that the majority of the application’s user base is in the Middle East, Africa and Asia (it was recently banned in India, where the government has banned military service personnel from using the application for data security reasons). However, if you downloaded ShareIt and use it for some reason, it might be best to rethink that decision.
We contacted Smart Media4U for comment and we will update this story if we hear back.