Critical vulnerabilities in SHAREit: Patch now

The developers of the mobile app SHAREit have published a report stating that the severe security flaws detected a few days ago in the app's code have finally been corrected. SHAREit, developed by Smart Media4U Technology, had more than one billion downloads at the time these vulnerabilities were reported.

“Last February 15th we received a report from Trend Micro on the possible presence of security vulnerabilities in our application; we worked immediately to investigate the veracity of this report and, where appropriate, address the flaws,” the report says.

According to Trend Micro’s report, a threat actor could exploit the security flaws in SHAREit to gain access to protected sensitive information on devices running vulnerable versions of the app. These flaws could also have allowed arbitrary code execution with the help of additional malware.

Another risk for users of vulnerable versions of SHAREit is the possibility of a Man-in-the-Middle (MitM) attack, which would allow manipulation of application resources stored on the microSD card of compromised devices, giving attackers full access to sensitive files.

Although the app’s developers claim that they had been aware of these reports since early February, Trend Micro researchers were very specific about their reasons for publishing the report: “We have decided to disclose our findings as it has been three months since we filed the report with Smart Media4U Technology and we have still received no response; the millions of potentially affected users deserve to know the risks they are exposed to if they continue to use this app.”

As if that weren’t enough, the chances of detecting such attacks are minimal, so a user would only notice malicious behavior when it is too late to implement a security mechanism.

Still, SHAREit maintains that updates fixing these issues were released before hacking groups could find a way to exploit the flaws: “The security of our application and the protection of any record shared through this platform is critical to us. We are fully committed to protecting your information and will continue to adapt to constant changes to ensure that your experience using SHAREit is satisfactory.”

No signs of active exploitation have been detected so far, although the process of installing the latest versions of SHAREit could take weeks considering the large volume of active users.