What you need to know
- ShareIt has been found to have serious security vulnerabilities by Trend Micro security researchers.
- Some of the documented issues would lead to user data being exposed or stolen.
- The developers had been notified of their concerns three months ago.
The popular file-sharing app, ShareIt, has been critiqued his week for several vulnerabilities that — if exploited —could allow bad actors to steal your data.
In a post sharing these vulnerabilities (via Ars Technica), the researchers over at Trend Micro said:
The vulnerabilities can be abused to leak a user's sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE).
Most of the danger comes from ShareIt's position as a file manager of sorts. The app allows users to share files with other users remotely as such it has a lot of permissions. It needs to be able to see all your files and apps work to effectively, it also needs network access. When it comes down to it, ShareIt has a lot of power, but it doesn't secure it properly.
As a result of how the app is coded, ShareIt can now serve up files to third-party apps which request it, even private ones which aren't meant to be shared. Trend Micro notes that "any third-party entity can still gain temporary read/write access to the content provider's data." and that " all files in the /data/data/
[[ package ]] folder can be freely accessed." This means that a malicious developer can build an app and gain access to all of ShareIt's files cache. It can then use that access to run remote code execution via writing and swapping in its own fake app cache files, according to the researchers.
Trend Micro also noted that ShareIt was vulnerable to a man in the middle attack. When downloading apps to install via ShareIt's own app installer, a bad actor can replace the downloaded APK with an APK of their choosing, and ShareIt will install it all the same. Once a duplicated APK is installed, a target user's credentials may then be stolen, similar to websites created for phishing.
Trend Micro's researchers did say that these vulnerabilities were likely unintentional, but they also noted:
We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps' permission. It is also not easily detectable.
While having a security flaw isn't a crime, ShareIt's lack of response and acknowledgment of the situation is a little worrying. If you're an Android user mostly sharing files with other Android users, ShareIt can be replaced by Google's native Nearby Share with ease. It's already built into most Android phones, can now share apps in addition to files, and its freely accessible via the share sheet, much like Apple's AirDrop,
But Google's ease of use isn't the only reason you're going to want to hop onto ShareIt. The app has already been banned in India, and a U.S. ban could be just days away, barring any changes from the current administration.
