Mobile security experts report that SHAREit, an app for Android devices that has been downloaded more than a billion times, contains severe security flaws that would allow hijacking of its functions to overwrite files, execute malicious code or deploy an attack variant known as Man-in-The-Disk (MiTD).
SHAREit was developed by Spanish firm Softonic and allows users to share files with nearby or remote devices and has become one of the most popular applications of its kind. Although the report of these flaws was presented to developers at least three months ago, the flaws remain unpatched.
Echo Duan, a specialist at security firm Trend Micro, mentions that he decided to publish the report due to massive user exposure: “It’s been three months without receiving a response and there are millions of users exposed, so we decided to disclose our research.” Experts also noted that the flaw is not easily detectable, but the risk of exploitation is real.
The report mentions that the application code declares the stream receiver as ‘com.lenovo.anyshare.app.DefaultReceiver’, which receives the action ‘com.ushareit.package.action.install_completed’ and Extra Intent subsequently calls the startActivity() function. Through a concept test, experts discovered that any application can invoke this component, providing access to arbitrary activities to complete the attack.
A third party might gain temporary read/write access to content provider data through a fileprovider flaw. In addition, the developer specifies an area root path with ample storage, allowing access to all files in the /data/data/<package>.
Researchers included in their proof of concept a code to read WebView cookies and write to any SHAREit file folder: “In other words, it is possible to overwrite any existing files in the application,” the experts mention. This would allow threat actors to hijack SHAREit’s functions through a malicious application without users being able to warn of the attack.
About the MiTD attack, this is a man-in-the-Middle variant related to how Android operating systems manage internal and external storage. This attack allows threat actors to intercept and even alter data on these storage drives, making it more likely considering SHAREit flaws: “When the user downloads an application, it is sent to an external directory, so any application can access this data with write permission to the SD card.”
While the cybersecurity community is still waiting for the response from developers, experts recommend avoiding the use of these apps, as well as verifying that any other tools installed on your devices are updated to the latest version.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.
