@UKTechHub

UKTechHub

UK Tech Forums

PayPal-Donate button
.
.

Reply To: Google Play Store app, known as SHAREit A Security Risk If you own an Android smartphone or tablet, you need to sit-up and listen. A popular Google Play Store app, known as SHAREit, which has been downloaded one billion times and received…

UKTH forums 📱 Mobile Android Tablets Google Play Store app, known as SHAREit A Security Risk If you own an Android smartphone or tablet, you need to sit-up and listen. A popular Google Play Store app, known as SHAREit, which has been downloaded one billion times and received... Reply To: Google Play Store app, known as SHAREit A Security Risk If you own an Android smartphone or tablet, you need to sit-up and listen. A popular Google Play Store app, known as SHAREit, which has been downloaded one billion times and received…

February 18, 2021 at 8:03 am #12026
UK SentinelUK Sentinel
Keymaster
  • Replies 8,527
  • The Skipper

From Another source:

SHAREit app for Android said to share way too much: Billion-download code with holes no one wants to fix

Trend Micro claims software is full of security flaws that allow data out and malware in

Trend Micro has published a report claiming that data-sharing Android app SHAREit, which has over a billion downloads, contains multiple vulnerabilities after the app’s maker ignored advice to fix the flaws.

In a blog post published on Monday, Trend Micro researchers Echo Duan and Jesse Chang describe a series of vulnerabilities in SHAREit that could potentially allow a miscreant to leak data and run malicious code, locally or remotely.

They speculate that the bugs at issue are inadvertent and say that they have chosen to publicize them three months after disclosing their findings to Singapore-based Smart Media4U Technology because they’ve received no response from the app maker.

“We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission,” the researchers said.

SHAREit for Android, they say, has over a billion downloads from the Google Play Store. Google, it’s claimed, has been made aware of Trend Micro’s concerns; the ad giant did not immediately respond to a request for comment.

According to Duan and Chang, the SHAREit app implements a broadcast receiver component called “com.lenovo.anyshare.app.DefaultReceiver” that can be invoked via Android’s Intent inter-app communication mechanism from any other app. They constructed a proof-of-concept Intent that shows “arbitrary activities, including SHAREit’s internal (non-public) and external app activities.”

 

 

Source: https://www.theregister.com/2021/02/16/shareit_app_flaws/

 

In a completely sane world, madness is the only freedom (J.G.Ballard).

Latest Posts