ANDROID smartphone owners have been put on alert about a hugely popular app from the Google Play Store, which has been downloaded over a billion times, but could pose a serious risk to your device.
If you’re using the ShareIt app on your phone, you may want to uninstall it right away. Cybersecurity giant Trend Micro has discovered glaring security vulnerabilities in the file-sharing app that can be “abused to leak a user’s sensitive data and execute arbitrary code with ShareIt permissions.“
Hackers can use these vulnerabilities to execute arbitrary code and to possibly launch remote code execution attacks. The flaws could also let hackers run Man-in-the-disk (MITD) attacks, which can be used to crash a victim’s Android device.
Trend Micro published their findings on Monday, and at the time said the vulnerabilities in SHAREit hadn’t been fixed. According to the security experts, they had reported their findings to the SHAREit makers three months ago, and yet, the issues in the popular Android app still remain.
Trend Micro has also informed Google about the SHAREit vulnerabilities.
The publication notes: “Android prides itself on intra-app communication, partly because any app can create a content provider and provide its content and services to other apps. If Gmail wants to attach a file to an email, it can do that by showing a list of available file-content providers installed on your phone (it’s basically an “open with” dialog box), and the user can pick their favorite file manager, navigate through their storage, and pass the file they want to Gmail. It’s up to developers to sanitize these cross-app capabilities and only expose the necessary file manager capabilities to Gmail and other apps.”
Since ShareIt also features an Android app installer, it is also susceptible to a “Man-in-the-disk” attack. Due to the vulnerability mentioned above, attackers have the ability to swap out install packages with a malicious app as soon as they’re downloaded. This could lead users to install malicious apps on their devices unknowingly. Furthermore, ShareIt’s game store has the ability to download app data over unsecured HTTP. This can be subject to a “Man-in-the-middle” attack. As Ars Technica explains, “ShareIt registers itself as the handler for any link that ends its domains, like “wshareit.com” or “gshare.cdn.shareitgames.com,” and it will automatically pop up when users click on a download link. Most apps force all traffic to HTTPS, but ShareIt does not. Chrome will shut down HTTP download traffic, so this would have to be done through a Web interface other than the main browser.”
Until these vulnerabilities get patched out, you could always delete SHAREit from your Android device to be on the safe side. And if you have an anti-virus installed from a provider such as Trend Micro then be sure to run a scan to double check no malware has crept onto your device.
