The Android ShareIt file sharing app has deep security flaws

A file-sharing app that claims to have been downloaded from the Google Play store more than 1 billion times has security flaws.
Photo: Sam Rutherford / Gizmodo

An Android app used by a large chunk of the global population also has security flaws that would allow a hacker to steal a user’s data or even override the app’s behavior with arbitrary code.

ShareIt, which says it has more than 1 billion global downloads, is the product of Singapore-based developer Smart Media4U. Its main feature is peer-to-peer file sharing, which allows users to share photos, music, videos, GIFs, and more. The app, which has been around for several years, has garnered attention for its rapid growth and global reach.

But it also appears to have software vulnerabilities that would allow a malicious actor to easily leak user data or even execute arbitrary code by misusing ShareIt’s permissions, according to a new report from Trend Micro.

Screenshot: Lucas Ropek: Google Play Store / SHAREit

The report shows that one of the app’s main vulnerabilities comes from how it shares information and permissions with other apps. Because of the way Android phones are set up to share information between different programs, the platform has a history of bad actors trying to exploit inter-app communication for malicious ends. In particular, “bad apps,” or programs secretly run by a malicious user, can look for ways to get data from legitimate apps.

ShareIt is set up in a way that leaves the door open to other apps when it comes to data exchange through its content provider interface. According to researchers, these vulnerabilities could allow “any third-party entity” to gain temporary read/write access to the [app’s] content provider data. This would allow the app to be overridden to “run custom code, override local app files, or install third-party apps without the user knowing,” ZDNet notes.

Trend Micro researchers discovered this vulnerability by testing it themselves. By manipulating how apps in the Android ecosystem talk to each other, they found that the ShareIt app would share too much information, highlighting “irregular user actions, including ShareIt internal (non-public) activities and external app.” In a number of ways, these security flaws could be “misused to release user sensitive data and enforce configuration code with ShareIt permissions,” the researchers write.
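For developers who want to check their own app for the kind of content provider exposure described above, here is an added example (not from the article or from Trend Micro's report) that audits an Android manifest for providers that are exported without permissions or that allow temporary URI grants over all of their data. The sample manifest and its `com.example.fileshare` names are constructed for illustration, and the check assumes `android:exported` is set explicitly.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for illustration; not taken from any real app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fileshare">
  <application>
    <provider android:name=".OpenProvider"
              android:authorities="com.example.fileshare.open"
              android:exported="true"/>
    <provider android:name=".GrantingProvider"
              android:authorities="com.example.fileshare.files"
              android:exported="false"
              android:grantUriPermissions="true"/>
    <provider android:name=".GuardedProvider"
              android:authorities="com.example.fileshare.guarded"
              android:exported="true"
              android:readPermission="com.example.fileshare.READ"
              android:writePermission="com.example.fileshare.WRITE"/>
  </application>
</manifest>"""

def audit_providers(manifest_xml):
    """Map provider name -> list of findings that deserve manual review."""
    report = {}
    for prov in ET.fromstring(manifest_xml).iter("provider"):
        get = lambda key, p=prov: p.get(NS + key)
        findings = []
        # Assumption: android:exported is set explicitly (the implicit default
        # depends on the app's target SDK level, which is not checked here).
        if get("exported") == "true":
            for mode in ("read", "write"):
                if not (get("permission") or get(mode + "Permission")):
                    findings.append(f"exported with no {mode} permission")
        # With grantUriPermissions="true", temporary access can be granted to
        # any of the provider's data, not only listed <grant-uri-permission> paths.
        if get("grantUriPermissions") == "true":
            findings.append("temporary URI grants allowed for all provider data")
        if findings:
            report[get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_providers(SAMPLE_MANIFEST).items():
        print(name, "->", "; ".join(findings))
```

A provider flagged only for URI grants is not necessarily flawed, since that setting is how file-sharing providers normally work; the finding is a prompt to review which paths the provider serves and which components can hand out grants.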

Perhaps the worst thing in the whole report is that Trend Micro claims to have shared these security issues with Smart Media4U about three months ago and the company apparently did nothing. The report concludes:

We reported these vulnerabilities to the vendor, who has not yet responded. We decided to publish our research three months after we reported this because many users could be affected by this attack, as the attacker can steal sensitive data and do nothing with app permissions.

This is also not the first time that ShareIt has been flagged as a security risk. The app was blacklisted by the U.S. in January, when an obscure executive order from Trump’s White House named it as one of several “China-related” apps that Americans should stay away from for fear that their data would be captured. On the way out the door, Trump issued a blitz of such orders aimed at the Asian tech sector, most of which were apparently designed to antagonize and isolate Chinese companies. The order states:

The United States has estimated that a number of Chinese linked software applications automatically capture large amounts of information from millions of users in the United States, including personally identifiable and private sensitive information. At this time, steps need to be taken to address the risk posed by these Chinese affiliate software applications …

It is unlikely that tons of Americans use ShareIt. Business sources seem to show that the majority of the app’s user base is located in the Middle East, Africa and Asia (it was recently banned in India, where the government banned military service personnel from using the app due to data security concerns). However, if you have downloaded ShareIt and are using it for some reason, it may be best to reconsider that decision.

We’ve reached out to Smart Media4U for comments and will update this story if we hear back.
