
ShareIt’s security flaws are yet another good reason to switch to Nearby Share


Source: Joe Maring / Android Central

The popular file-sharing app, ShareIt, has been critiqued this week for several vulnerabilities that — if exploited — could allow bad actors to steal your data.

In a post sharing these vulnerabilities (via Ars Technica), the researchers over at Trend Micro said:

The vulnerabilities can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE).

Most of the danger comes from ShareIt’s position as a file manager of sorts. The app allows users to share files with other users remotely, and as such it has a lot of permissions. It needs to be able to see all your files and apps to work effectively, and it also needs network access. When it comes down to it, ShareIt has a lot of power, but it doesn’t secure it properly.

As a result of how the app is coded, ShareIt can serve up files to third-party apps that request them, even private ones that aren’t meant to be shared. Trend Micro notes that “any third-party entity can still gain temporary read/write access to the content provider’s data” and that “all files in the /data/data/ folder can be freely accessed.” This means that a malicious developer can build an app and gain access to ShareIt’s entire file cache. It can then use that access to achieve remote code execution by writing and swapping in its own fake app cache files, according to the researchers.
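As an added illustration (not code from Trend Micro, ShareIt or the original article), the script below audits an app's manifest and file-sharing paths resource for the over-broad content provider exposure described above. It assumes the provider follows the AndroidX FileProvider layout; the sample XML is constructed and does not reproduce ShareIt's configuration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest fragment; package and class names are placeholders.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <application>
  <provider android:name="androidx.core.content.FileProvider"
            android:authorities="com.example.app.files"
            android:exported="false" android:grantUriPermissions="true"/>
  <provider android:name="com.example.app.NotesProvider"
            android:authorities="com.example.app.notes" android:exported="true"/>
 </application>
</manifest>"""

# Constructed FileProvider paths resource, not taken from a real app.
SAMPLE_PATHS = """<paths>
 <root-path name="root" path=""/>
 <files-path name="all_private" path="."/>
 <cache-path name="outgoing" path="outgoing/"/>
</paths>"""

def audit_providers(manifest_xml):
    """Flag providers reachable by other apps directly or through URI grants."""
    findings = []
    for prov in ET.fromstring(manifest_xml).iter("provider"):
        auth = prov.get(NS + "authorities")
        guarded = any(prov.get(NS + a) for a in
                      ("permission", "readPermission", "writePermission"))
        if prov.get(NS + "exported") == "true" and not guarded:
            findings.append((auth, "exported with no permission"))
        if prov.get(NS + "grantUriPermissions") == "true":
            findings.append((auth, "grants temporary URI access: check path scope"))
    return findings

def audit_paths(paths_xml):
    """Flag path entries that map a whole directory tree instead of one subfolder."""
    findings = []
    for entry in ET.fromstring(paths_xml):
        path = (entry.get("path") or "").strip()
        if entry.tag == "root-path":
            findings.append((entry.get("name"), "root-path maps the device filesystem root"))
        elif path in ("", ".", "./", "/"):
            findings.append((entry.get("name"), entry.tag + " exposes the whole directory"))
    return findings

if __name__ == "__main__":
    for item, issue in audit_providers(SAMPLE_MANIFEST) + audit_paths(SAMPLE_PATHS):
        print(f"{item}: {issue}")
```

A provider that grants temporary URI access is only as safe as its path scope, so the two result lists should be read together: the `outgoing` entry is the narrowly scoped pattern to aim for.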


Trend Micro also noted that ShareIt was vulnerable to a man-in-the-middle attack. When downloading apps to install via ShareIt’s own app installer, a bad actor can replace the downloaded APK with an APK of their choosing, and ShareIt will install it all the same. Once a duplicated APK is installed, a target user’s credentials may then be stolen, similar to websites created for phishing.

Trend Micro’s researchers did say that these vulnerabilities were likely unintentional, but they also noted:

We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission. It is also not easily detectable.

While having a security flaw isn’t a crime, ShareIt’s lack of response and acknowledgment of the situation is a little worrying. If you’re an Android user mostly sharing files with other Android users, ShareIt can be replaced by Google’s native Nearby Share with ease. It’s already built into most Android phones, can now share apps in addition to files, and it’s freely accessible via the share sheet, much like Apple’s AirDrop.

But Google’s ease of use isn’t the only reason you’re going to want to hop off ShareIt. The app has already been banned in India, and a U.S. ban could be just days away, barring any changes from the current administration.
