SHAREit Vulnerabilities Could Allow Remote Code Execution, Leak Sensitive Data

SHAREit app has been found to have vulnerabilities that can be exploited to leak sensitive data and execute arbitrary code. A cyber-security software company has discovered “several vulnerabilities” in SHAREit and states that these are most likely unintended flaws in the app. The company says it has informed Google of these vulnerabilities. In India, SHAREit was banned back in June last year along with 58 other apps including TikTok, UC Browser, WeChat, and others. These apps had one common factor – they were all of Chinese origin.

Trend Micro, a cyber-security software company, discovered various vulnerabilities in file sharing app SHAREit. To do so, it built a proof-of-concept (POC) code which showed that any app can invoke a StartActivity function in SHAREit, including its internal (non-public) and external app activities. It was also found that any third-party entity can gain temporary read/ write access to the content of the person who is sharing the data. The POC code read WebView cookies and it was noted that this code can be used to write any files in the app's data folder. This means that the files can be overwritten as well.

Attackers could also craft a fake vdex/ odex file – that SHAREit generates when first launched – and then replace those files due to the vulnerability, allowing the attacker to perform code execution.

Trend Micro found that SHAREit provides a feature that can install an APK with the file name suffix ‘sapk' that can be used to install a malicious app. This would enable a limited Remote Code Execution (RCE) when the user clicks on a URL (SHAREit has deep links using URL leading to specific features in the app).

The company built an href attribute in HTML to verify RCE with Google Chrome browser. Chrome was coded to call SHAREit to download the sapk from http://gshare.cdn.SHAREitgames.com and since it supports HTTP protocol, the company found it can be replaced by simulating a man-in-the-middle (MitM) attack. This would allow malware to be downloaded to the user's phone.

Additionally, SHAREit is susceptible to a man-in-the-disk (MITD) attack as when a user downloads a certain app through SHAREit, it goes to a folder in an external directory. This means that the app can access the directory with SD card write permission.

Trend Micro recommends regularly updating mobile operating systems and the apps in order to try and prevent such vulnerabilities negatively affecting you. The Indian government banned SHAREit and 58 other apps back in June 2020 as they were of Chinese origin.

Is Mi 10i a OnePlus Nord killer? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.