Saturday, April 13, 2024

Unpatched SHAREit Flaw Let Attackers Execute Remote Code

SHAREit app is owned by Smart Media4U Technology Pte. Ltd. which is a global technology company in Singapore. SHAREit was originally made by Chinese tech giant Lenovo.  

The company produces an app, also called SHAREit, which is compatible with various smartphone platforms that allow users to share files between devices directly.

Experts from Trend Micro discovered vulnerabilities in the SHAREit application, which has over 1 billion downloads in Google Play. The vulnerabilities can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution.

In the earlier period, vulnerabilities that can be used to download and steal files from users’ devices have also been associated with the app. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws.

Vulnerability Details

The flaw arises from the way the app facilitates sharing of files (via Android’s FileProvider), potentially allowing any third-party to gain temporary read/write access permissions and exploit them to overwrite existing files in the app’s data folder.

Experts observed SHAREit has set up deep links using URL leading to specific features in the app. These contain features that can download and install any APK. It declares a deep link feature that can download files from a URL that has the scheme of http/https and domain host that matches *.wshareit.com or gshare.cdn.shareitgames.com.

It also provides a feature that can install an APK with the file name suffix sapk. This feature can be used to install a malicious app; in that case, it will enable a limited RCE when the user clicks on a URL.

Therefore, the app is also vulnerable to man-in-the-disk (MitD) attack, which arises when careless use of “external storage” permissions, opens the door to the installation of fraudulent apps and even causes a denial of service condition.

To illustrate, experts manually copied Twitter.apk in the code to replace it with a fake file of the same name. As a result, a pop-up of the fake Twitter app will appear on the main screen of the SHAREit app (as shown below).

Reopening the SHAREit app will cause the fake Twitter app to appear on the screen again to prompt the user to install it (as shown below). Upon clicking the install button, the fake app will be installed successfully and opened automatically. This will show another system notification pop-up.

A pop-up from the fake Twitter app created to test the vulnerability
Download prompt from the fake Twitter app

Recommendations

According to the experts, security must be a top consideration for app developers, enterprises, and users alike.

For safe mobile app use, regularly updating and patching mobile operating systems and the app themselves is essential. Users should also keep themselves informed by reading reviews and articles about the apps they download.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

SHAREit App Vulnerabilities Allows Hackers to Bypass Android Device Authentication & Download Arbitrary Files Remotely

Digital Strike!! India Banned 59 Chinese Apps Including TikTok, UC Browser, SHAREit

Digital Strike!! Government of India Banned 118 Mobile Apps Including PUBG

Website

Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles