Bug in SHAREit Android app can get your data hacked


New Delhi, Feb 16 (IANS): A bug in Android file sharing app SHAREit which has been downloaded over 1 billion times in Google Play Store contains several unpatched vulnerabilities that can be abused by hackers to leak sensitive data of its users.

The bugs can be exploited to run malicious code on smartphones where the SHAREit app is installed, according to a new report by cyber security firm Trend Micro.

Now banned in India, SHAREit was one of the most downloaded applications in 2019, which means millions of Indian users may also be at data leaking risk.

"We discovered several vulnerabilities in the application named SHAREit. The vulnerabilities can be abused to leak a user's sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app," said Echo Duan, a security researcher with Trend Micro.

"They can also potentially lead to Remote Code Execution (RCE). In the past, vulnerabilities that can be used to download and steal files from users' devices have also been associated with the app," he said in a statement late on Monday.

While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws.

The security researchers have reported these vulnerabilities to the vendor, who has not responded yet.

"We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps' permission. It is also not easily detectable," Trend Micro elaborated.

SHAREit was part of the first lot of 59 Chinese apps that were temporarily banned in India in June last year. In January, the Union Government decided to permanently ban those 59 Chinese mobile applications.

"Security should be a top consideration for app developers, enterprises, and users alike. For safe mobile app use, we recommend regularly updating and patching mobile operating systems and the app themselves," Trend Micro said.

  

Top Stories


Leave a Comment

Title: Bug in SHAREit Android app can get your data hacked



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.