Critical vulnerability in SHAREit for Android exposes users’ information

The vulnerabilities were patched months ago, but users still running older versions remain exposed

Network security and ethical hacking specialists from the International Institute of Cyber Security report two critical vulnerabilities in the SHAREit app for Android that can be exploited to bypass the app's authentication and extract sensitive files from the device.

SHAREit has more than one billion users worldwide and is used to share files between Android, iOS, Windows and Mac systems. Through this platform, users can exchange videos, music and other files across different devices.

The Android version of SHAREit, which has about 500 million users, suffers from two vulnerabilities: an authentication bypass flaw and an arbitrary file download vulnerability.

The vulnerabilities were discovered in December 2017 and corrected in March 2018, although technical details were only published a few days ago. Network security specialists say the details were withheld because of the vulnerabilities' impact, ease of exploitation and wide reach.

Network security experts found that if a client without a valid session requests a non-existent page, SHAREit does not return a 404 error page; it replies with an empty page and adds the requester to its list of recognized devices, effectively authenticating an unauthorized user.

The vulnerabilities can be exploited from a shared Wi-Fi network to intercept a device's traffic, among other malicious actions; the attacker can even gain unrestricted read access to the storage of the compromised device.

To exploit the vulnerability, the attacker simply sends a 'curl' request that references the path of the target file; the specialists emphasize that the attacker must already know the exact location of the file being requested, since the flaw only serves a file whose full path is named in the request.
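The following is an added illustration, not SHAREit's code or the researchers' proof of concept: a constructed model of an embedded file-sharing HTTP server that reproduces the two behaviours described above (an unknown path returns an empty 200 and promotes the requester to a recognized device; a download endpoint then serves any absolute path the caller names) beside the hardened behaviour a fixed server should have. The route name `/download`, the `file` query parameter, the IP addresses and the storage paths are all assumptions chosen for the example; the real attack sends the same two requests with `curl` to the app's HTTP port.

```python
import posixpath
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for device storage: absolute path -> contents.
# These paths are invented for the illustration, not real SHAREit locations.
STORAGE = {
    "/sdcard/SHAREit/photo.jpg": b"JFIF...",
    "/data/data/example.app/databases/history.db": b"SQLite format 3...",
}
SHARE_ROOT = "/sdcard/SHAREit"   # assumed directory the app is meant to share


@dataclass
class Response:
    status: int
    body: bytes = b""


@dataclass
class FileServer:
    """Toy model of the app's embedded HTTP server (an assumption, not the real one).

    hardened=False reproduces the two flaws the article describes;
    hardened=True shows the behaviour a fixed server should have.
    """
    hardened: bool = False
    recognized: set = field(default_factory=set)   # the "recognized devices" list

    def handle(self, client_ip: str, url: str) -> Response:
        parts = urlsplit(url)
        if parts.path == "/download":                # assumed route name
            return self._download(client_ip, parse_qs(parts.query))
        return self._unknown_route(client_ip)

    def _unknown_route(self, client_ip: str) -> Response:
        if self.hardened:
            # Unknown path: plain 404 and no state change for the requester.
            return Response(404, b"Not Found")
        # Flaw 1 (authentication bypass): an unknown path returns an empty
        # page *and* the unauthenticated requester is added to the list of
        # recognized devices, so its later requests are treated as authorized.
        self.recognized.add(client_ip)
        return Response(200, b"")

    def _download(self, client_ip: str, query: dict) -> Response:
        if client_ip not in self.recognized:
            return Response(401, b"not paired")
        requested = query.get("file", [""])[0]       # assumed parameter name
        if self.hardened:
            # Normalise (collapses ".." segments) and confine to the share root.
            norm = posixpath.normpath(requested)
            if not norm.startswith(SHARE_ROOT + "/"):
                return Response(403, b"outside shared folder")
            requested = norm
        # Flaw 2 (arbitrary file download): the vulnerable branch serves any
        # absolute path the caller names, provided the exact path is known.
        data = STORAGE.get(requested)
        if data is None:
            return Response(404, b"no such file")
        return Response(200, data)


def dump_file(server: FileServer, attacker_ip: str, path: str) -> Response:
    """The two-request sequence from the article: bypass first, then fetch.

    Against the real app these would be two curl requests from a machine on
    the same Wi-Fi network; here the calls go straight to the model.
    """
    server.handle(attacker_ip, "/this-page-does-not-exist")
    return server.handle(attacker_ip, f"/download?file={path}")


if __name__ == "__main__":
    target = "/data/data/example.app/databases/history.db"
    vuln = dump_file(FileServer(), "10.0.0.99", target)
    fixed = dump_file(FileServer(hardened=True), "10.0.0.99", target)
    print("vulnerable server:", vuln.status, vuln.body[:16])
    print("hardened server:  ", fixed.status, fixed.body)
```

The two checks in the hardened branch are the ones a practitioner wants to see in any device-to-device sharing server: an unrecognised route must never mutate session or pairing state, and a download handler must both require a paired peer and confine the normalised path to the directory the user chose to share. A quick field check for the first flaw, from another host on the same Wi-Fi, is simply whether a request for a random path comes back as a 404 or as an empty 200.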

The experts developed a proof of concept (nicknamed DUMPit!) with which they downloaded around 3,000 files (about 2 GB of data) in under eight minutes.

SHAREit received the vulnerability report in January 2018 but did not respond to the experts until a month later, when the disclosure deadline after which the details would be made public was about to expire. The company fixed both flaws in March 2018 without further comment.

The two vulnerabilities affect the SHAREit app for Android in version 4.0.28 and earlier. Cybersecurity experts recommend that users update as soon as possible if they have not already done so.