The Android file-sharing app that shares deep security flaws

A file-sharing app that claims to have been downloaded more than 1 billion times from the Google Play Store has serious security issues.

An Android app used by a large part of the world’s population also has notable security flaws that allow a savvy hacker to steal a user’s data or even hijack the app’s operations to run arbitrary code.

ShareIt, which claims to have more than 1 billion downloads worldwide, is the product of Singapore-based developer Smart Media4U. Its most important feature is peer-to-peer file sharing, which lets users share photos, music, videos, GIFs, etc. The app, which has been on an upward trajectory for the past few years, has received recognition for its rapid growth and global scope.

But it also apparently has software vulnerabilities that allow a bad actor to easily leak a user’s data or even execute arbitrary code by abusing ShareIt’s permissions, according to a new report from Trend Micro.

The report shows that one of the major vulnerabilities in the app is due to how it shares information and permissions with other apps. Indeed, because of the way Android phones are set up to share information between different applications, the platform has a history of bad actors trying to exploit communication between applications for malicious ends. Specifically, “bad programs,” or programs secretly run by a bad actor, can look for ways to access data in legitimate programs.

ShareIt is set up to essentially swing the doors open for other apps when it comes to data exchange via the content provider interface. According to researchers, these vulnerabilities could enable “any third-party entity” to gain “temporary read/write access to the [app’s] content provider data.” This allows a hijacker of the app to “overwrite personal code, overwrite the local files of the app or install third-party applications without the user’s knowledge,” ZDNet notes.

Trend Micro researchers discovered this vulnerability by trying it themselves. By manipulating how apps in the Android ecosystem talk to each other, they found that ShareIt would share too much information, revealing arbitrary activities, including ShareIt’s internal (non-public) and external app activities. In various ways, these security flaws can ultimately be “abused to leak sensitive data from a user and execute arbitrary code with ShareIt permissions,” researchers write.

Probably the worst part of the whole report is that Trend Micro said it shared these security issues with Smart Media4U about three months ago and that the company apparently did nothing. The report concludes:

We have reported these vulnerabilities to the seller, who has not yet responded. We decided to release our research three months after we reported it, as many users may be affected by this attack, as the attacker could steal sensitive data and do anything with the consent of the apps.

This is also not the first time that ShareIt has been flagged as a security risk. The app was actually blacklisted by the U.S. in January, when a vaguely worded executive order from the Trump White House listed it as one of several “Chinese-affiliated” applications that Americans should stay away from for fear of where their data might end up. On the way out the door, Trump issued a flurry of such orders targeting the Asian technology sector, most of which were designed to counter and isolate Chinese companies. The order proclaims:

The United States has estimated that a number of Chinese-related software applications automatically record large amounts of information from millions of users in the United States, including sensitive personally identifiable information and private information. At the moment, action needs to be taken to address the threat posed by these Chinese-related software applications …

It’s unlikely that a lot of Americans use ShareIt. Reporting from outlets seems to show that the majority of the app’s user base is located in the Middle East, Africa and Asia (it was recently banned in India, where the government has barred its military service personnel from using the app due to data security concerns). Nevertheless, if you downloaded ShareIt and are using it for some reason, it is best to reconsider this decision.

We reached out to Smart Media4U for comment and will update this story when we hear back.
