Unpatched SHAREit Flaw Let Attackers Execute Remote Code

SHAREit app is owned by Smart Media4U Technology Pte. Ltd. which is a global technology company in Singapore. SHAREit was originally made by Chinese tech giant Lenovo.  

The company produces an app, also called SHAREit, which is compatible with various smartphone platforms that allow users to share files between devices directly.

Experts from Trend Micro discovered vulnerabilities in the SHAREit application, which has over 1 billion downloads in Google Play. The vulnerabilities can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution.

In the earlier period, vulnerabilities that can be used to download and steal files from users’ devices have also been associated with the app. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws.

Vulnerability Details

The flaw arises from the way the app facilitates sharing of files (via Android’s FileProvider), potentially allowing any third-party to gain temporary read/write access permissions and exploit them to overwrite existing files in the app’s data folder.

Experts observed SHAREit has set up deep links using URL leading to specific features in the app. These contain features that can download and install any APK. It declares a deep link feature that can download files from a URL that has the scheme of http/https and domain host that matches *.wshareit.com or gshare.cdn.shareitgames.com.

It also provides a feature that can install an APK with the file name suffix sapk. This feature can be used to install a malicious app; in that case, it will enable a limited RCE when the user clicks on a URL.

Therefore, the app is also vulnerable to man-in-the-disk (MitD) attack, which arises when careless use of “external storage” permissions, opens the door to the installation of fraudulent apps and even causes a denial of service condition.

To illustrate, experts manually copied Twitter.apk in the code to replace it with a fake file of the same name. As a result, a pop-up of the fake Twitter app will appear on the main screen of the SHAREit app (as shown below).

Reopening the SHAREit app will cause the fake Twitter app to appear on the screen again to prompt the user to install it (as shown below). Upon clicking the install button, the fake app will be installed successfully and opened automatically. This will show another system notification pop-up.

Recommendations

According to the experts, security must be a top consideration for app developers, enterprises, and users alike.

For safe mobile app use, regularly updating and patching mobile operating systems and the app themselves is essential. Users should also keep themselves informed by reading reviews and articles about the apps they download.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity, and hacking news updates.

Also Read

SHAREit App Vulnerabilities Allows Hackers to Bypass Android Device Authentication & Download Arbitrary Files Remotely

Digital Strike!! India Banned 59 Chinese Apps Including TikTok, UC Browser, SHAREit

Digital Strike!! Government of India Banned 118 Mobile Apps Including PUBG