SHAREit is insecure: the app allows remote code execution due to serious vulnerabilities

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email
Share on whatsapp

SHAREit is insecure: the app allows remote code execution due to serious vulnerabilities

One of the most downloaded applications for share files between different Android suffers serious security problems: SHAREit puts the phones that have it installed at risk. As security experts discovered, the app allows remote code execution without the user knowing.

Sending a song, a photo, a video or even sharing applications with another phone is extremely easy with apps like SHAREit, a software that allows shipping even if there is no internet connection. This software became one of the most popular on Android: uploaded to Google Play in June 2013, the app has accumulated more than 1 billion downloads; accumulating an average rating of 4.1 stars. With such popularity, any mistake is a huge risk. Especially when the user you may lose control of your mobile.


Remote installation of malicious apps, access to all SHAREit files …

Shareit Vulnerability

The discovery, made by the security firm Trend Micro, reveals the enormous risks to user security that the famous file sharing app hides. As the experts have shown, it is possible to run code remotely through SHAREit; which opens the door not only to control the app, but also to be able to install any other application secretly.

As Trend Micro demonstrates, SHAREit declares the issuer generically allowing remote instructions to generate activity within the application. This enables the execution of instructions from other apps, it also gives them permission to read and write to the phone’s storage (even if they don’t have it). Given the SHAREit does not actively protect external access, any attacker can use it as a gateway to install malware, even directly from a URL.

Trend Micro gave SHAREit developers months in advance, but these have not corrected the security errors in the app. The latest version, released on February 8, 2021, is still insecure. SHAREit continues in the Play Store, and that Trend Micro ensures that it also notified Google.

{“file”: “https://webediaespana.video.content-hub.app/default/video/3c/5b/23/600eda894bd22fbb80/default-standard-1080.mp4”, “image”: “https: // webediaespana.delivery.content-hub.app/image/66/44/84/600edadb3bef07ad68/original/mini-9-trucos-android-rapido.jpeg “}

Our recommendation is that if you use SHAREit, change it for another more secure application and also perform the functions of sharing content between Android devices, such as Google files. If the risks can be avoided it is best to do so.

More information | Trend Micro

Via | Android Authority


The news

SHAREit is insecure: the app allows remote code execution due to serious vulnerabilities

was originally published in

Xataka Android

for
Ivan Linares

.

SHAREit is insecure: the app allows remote code execution due to serious vulnerabilities 1

SHAREit is insecure: the app allows remote code execution due to serious vulnerabilities 2