SHAREit Vulnerabilities Could Allow Remote Code Execution, Leak Sensitive Data
SHAREit was among the 59 apps banned in June 2020 in India because it was made by Chinese developers.
Advertisement
By Vineet Washington | Updated: 18 February 2021 16:22 IST
Highlights
SHAREit vulnerabilities could allow attackers to install malicious apps
Attackers could perform remote code execution
SHAREit was banned in India in June 2020
SHAREit is not available on Google Play in India
Photo Credit: Google Play
SHAREit app has been found to have vulnerabilities that can be exploited to leak sensitive data and execute arbitrary code. A cyber-security software company has discovered “several vulnerabilities” in SHAREit and states that these are most likely unintended flaws in the app. The company says it has informed Google of these vulnerabilities. In India, SHAREit was banned back in June last year along with 58 other apps including TikTok, UC Browser, WeChat, and others. These apps had one common factor – they were all of Chinese origin.
Trend Micro, a cyber-security software company, discovered various vulnerabilities in file sharing app SHAREit. To do so, it built a proof-of-concept (POC) code which showed that any app can invoke a StartActivity function in SHAREit, including its internal (non-public) and external app activities. It was also found that any third-party entity can gain temporary read/ write access to the content of the person who is sharing the data. The POC code read WebView cookies and it was noted that this code can be used to write any files in the app's data folder. This means that the files can be overwritten as well.
Attackers could also craft a fake vdex/ odex file – that SHAREit generates when first launched – and then replace those files due to the vulnerability, allowing the attacker to perform code execution.
Trend Micro found that SHAREit provides a feature that can install an APK with the file name suffix ‘sapk' that can be used to install a malicious app. This would enable a limited Remote Code Execution (RCE) when the user clicks on a URL (SHAREit has deep links using URL leading to specific features in the app).
The company built an href attribute in HTML to verify RCE with Google Chrome browser. Chrome was coded to call SHAREit to download the sapk from http://gshare.cdn.SHAREitgames.com and since it supports HTTP protocol, the company found it can be replaced by simulating a man-in-the-middle (MitM) attack. This would allow malware to be downloaded to the user's phone.
Additionally, SHAREit is susceptible to a man-in-the-disk (MITD) attack as when a user downloads a certain app through SHAREit, it goes to a folder in an external directory. This means that the app can access the directory with SD card write permission.
Trend Micro recommends regularly updating mobile operating systems and the apps in order to try and prevent such vulnerabilities negatively affecting you. The Indian government banned SHAREit and 58 other apps back in June 2020 as they were of Chinese origin.
Chinese Apps Said to Face Subpoenas or Bans Under US President Joe Biden’s Order18 June 2021
Search
