File-Sharing App SHAREit for Android Has Remote Code FlawTrend Micro: Users Face Risk of Data Theft
A remote code vulnerability in the Android version of the file-sharing app SHAREit could allow hackers to tamper with the app's permissions, enabling them to steal sensitive data, security firm Trend Micro reports.
See Also: Top 50 Security Threats
SHAREit, developed by the Serbia-based app maker of the same name, is a cross-platform sharing app that has had 1 billion downloads to mobile phones. Trend Micro, which informed the app maker about the flaw three months back, says the company has yet to respond. The Android version of the app is currently unavailable for download from the Google Play store.
Trend Micro discovered the vulnerability in the broadcast component of the file-sharing app.
A proof-of-concept hack by the researchers showed attackers could exploit the vulnerability to access downloaded information. They could tamper with the app's permissions to steal sensitive data about how the SHAREit app was being used.
"Even worse, the developer specified a wide storage area root path. In this case, all files in the /data/data/
In addition, attackers can use this control over permissions to install an Android Package Kit that can be used to insert a malicious app and perform man-in-the-middle attacks, Trend Micro reports.
Attackers could exploit the vulnerability in multiple ways, says Burak Agca, engineer at security firm Lookout. "The attackers still have a window of opportunity presented by the gap between disclosure of app or device vulnerabilities and delivery of a patch to address the issue," Agca says. "Without mobile security in place, it's impossible for organizations to address this gap."
IT and security teams should run a risk analysis before deploying any mobile app, Agca says. "This incident is a classic example of how a vulnerable app can lead to the entire mobile device being compromised," he says. "At the very least, this could lead to corporate data loss. However, a more advanced attack could compromise even more."
Hackers and advanced persistent threat groups have been increasingly targeting Android users for cyberespionage and other malicious activities.
This month, researchers at security firm Netlab identified a previously undocumented botnet dubbed "Matryosh" that targeted vulnerable Android devices to help build its network so it can conduct distributed denial-of-service attacks (see: Recently Uncovered Botnet Targets Android Devices).
In December, security firm ReversingLabs identified a new variant of Iranian-linked Android spyware with fresh capabilities, including the ability to snoop on private chats on Skype, Instagram and WhatsApp (see: Iranian-Linked Android Spyware Sneaks Into Private Chats).