This Android App With 1 Billion Downloads Has Security Bugs Left Unpatched


Part of a security researcher's job is to leave no stone unturned. Bugs hide beneath the surface, and researchers know this very well.

This time, researchers at the security firm Trend Micro reported that the Android version of 'SHAREit', which has more than one billion downloads, contains unpatched vulnerabilities that the app's developer failed to fix for more than three months.

SHAREit is a popular mobile app from developer Smart Media4U Technology Pte.Ltd., which allows users to share files with friends or between personal devices.

It receives widespread praise for its ease of use, its speed, and its support for all types of files. What's more, SHAREit also offers free online feeds that include movies, videos, music, wallpapers, and GIFs. SHAREit also added its own media player, which helps users manage their own media.

But alongside that widespread praise, the unpatched bugs mean that the app poses risks to its more than 1 billion users.

[Image: Code snippet of how SHAREit receives an Intent object. (Credit: Trend Micro)]

According to a website post by Trend Micro:

"The vulnerabilities can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE). In the past, vulnerabilities that can be used to download and steal files from users’ devices have also been associated with the app. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws."

The root cause of the bugs is the lack of proper restrictions on who can invoke the app's code.

According to the researchers at Trend Micro, malicious apps installed on a user's device, or attackers who perform a man-in-the-middle network attack, can send malicious commands to the SHAREit app in order to hijack the app's legitimate features and run custom commands.

Hackers can also overwrite the app's local files, or install third-party apps without the user's knowledge.

The app is also vulnerable to so-called man-in-the-disk attacks, a type of vulnerability that revolves around the insecure storage of sensitive app resources in a location of the phone's storage space shared with other apps.

"In this case, all files in the /data/data/ folder can be freely accessed," the researchers wrote.

What's more, the app also provides a feature that can install APK files.

In other words, when exploited, the bugs are devastating.
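As an added illustration, not code from SHAREit or from Trend Micro's report, here is how an Android component that accepts a file path from an incoming Intent can refuse paths that escape the app's private directory and callers it does not trust. The directory layout and package name are assumptions; the component must also be declared with android:exported="false" (or protected by a permission) in the manifest, which this snippet cannot show.

```java
import java.io.File;
import java.io.IOException;

// Hypothetical helper (not SHAREit's code). It guards the two weaknesses the
// article describes: untrusted senders reaching the component, and file paths
// taken from the Intent being used to overwrite the app's own local files.
public final class IntentPathGuard {

    // Resolve an untrusted path only if it stays inside the app's private
    // directory (Context.getFilesDir() on Android). Canonical paths collapse
    // "../" segments and follow symlinks, so a path that points outside the
    // base directory is detected even when it looks harmless as a string.
    public static File resolveInside(File privateDir, String untrustedPath)
            throws IOException {
        String base = privateDir.getCanonicalPath() + File.separator;
        // new File(parent, child) relativises an absolute child under parent,
        // so "/etc/passwd" cannot escape simply by being absolute.
        File candidate = new File(privateDir, untrustedPath).getCanonicalFile();
        if (!candidate.getPath().startsWith(base)) {
            return null; // refuse: traversal or symlink out of the private dir
        }
        return candidate;
    }

    // Accept install-style actions only from a caller we recognise. In an
    // Activity, callingPackage comes from getCallingPackage(); it is null when
    // the caller did not use startActivityForResult, which we treat as untrusted.
    public static boolean isTrustedCaller(String callingPackage, String ownPackage) {
        return callingPackage != null && callingPackage.equals(ownPackage);
    }

    // Usage sketch with constructed values (sandbox path is an assumption).
    public static void main(String[] args) throws IOException {
        File privateDir = new File("/data/data/com.example.app/files");
        System.out.println(resolveInside(privateDir, "cache/a.tmp") != null);     // true
        System.out.println(resolveInside(privateDir, "../../other/x") != null);   // false
        System.out.println(isTrustedCaller(null, "com.example.app"));             // false
    }
}
```

Keeping sensitive files under the private directory, rather than on shared external storage, is what removes the man-in-the-disk exposure; the path check above only prevents a hostile Intent from steering writes outside that directory.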

[Image: Code snippet showing SHAREit supporting the deep link feature for installing APK. (Credit: Trend Micro)]

Making things worse, Trend Micro notified the app's developer about the vulnerabilities but received no response.

SHAREit's developer did not respond to Trend Micro's inquiry for more than three months.

"We reported these vulnerabilities to the vendor, who has not responded yet," Trend Micro's post continued.

"We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data."

At this time, SHAREit has over 1 billion downloads in Google Play and has been named as one of the most downloaded applications in 2019.

Google has also been informed of these vulnerabilities.

It should be noted that the bugs only affect SHAREit's Android app, and don't impact SHAREit on iOS.

Published: 17/02/2021