nearly two billion users are threatened by this major security breach
A major security breach threatens the 1.8 billion users of the Android SHAREit app. This allows hackers to hijack the legitimate functionality of the application to take control of the device. No patch is available at the moment.
The SHAREit application is described as “The fastest cross-platform app […] to transfer videos, music, files and apps from one device to another ” whether it is a smartphone, an Android / iOS tablet, a PC or a Mac. The advantage of this solution is that SHAREit uses proprietary technology that allows transfers up to 200 times faster than Bluetooth.
A bit like AirDrop in the Apple ecosystem. Obviously with such usefulness we are on an application among the most popular of the moment. The app is said to have been downloaded 1.8 billion times in total. However, all of these users are currently targeted by a worrying security breach. According to Trend Micro at the origin of the discovery, this flaw facilitates man-in-the-middle attacks.
SHAREit publisher is reluctant to fix security flaw as soon as possible
A hacker can thus make believe that his machine is an intermediary (for example the Internet router), and can then modify the packets passing between devices on the fly. The application has in this context obviously few safeguards, so much so that according to Trend Micro it becomes relatively easy to execute arbitrary code or modify files on devices.
In addition to Man-in-the-Middle attacks, this flaw also makes it possible to carry out Man-in-the-Disk attacks in which an attacker uses another application to modify a shared folder used as a cache by the first application to extract, modify data or execute arbitrary code. Alas, Trend Micro laments that the flaw, reported to the developer more than three months ago has still not been fixed.
Also read: Telegram – some stickers could hack your encrypted conversations
This is why Trend Micro has chosen to publish all the details today, hoping that the publisher of SHAREit will quickly do what is necessary to protect users. Google has also been made aware of the vulnerability – the firm has chosen not to comment on the issue at this time. Given the severity of the fault and its possible active exploitation in nature, it is recommended to stop using SHAREit until the editor patches the application.