Vulnerabilities in SHAREit Android App Could Have Your Files Stolen
NEWS

Vulnerabilities in SHAREit Android App Could Have Your Files Stolen

Two high-severity flaws were discovered in the popular SHAREit app which has more than 1.5 billion users. The app is available for Android, iOS, Windows and Mac, but the two flaws were located in the Android version which has more than 500 million users.




SHAREit Vulnerabilities: Technical Overview

The vulnerabilities could allow hackers to bypass device authentication and steal users’ files from their devices. Since the application’s purpose is to help users share their files, we can only imagine the types of sensitive and personal information that could have been endangered.

The first vulnerability allows attackers to bypass the SHAREit device authentication mechanism, and the second one enables authenticated attackers to download arbitrary files from the user’s device. The good news is that both flaws were reported to the vendor and patches are now available.

It should be noted that the vulnerabilities were first discovered in December 2017, and addressed in March 2018. However, technical details were made public just recently. The reason for the vulnerabilities to be kept secret is the vulnerabilities’ large impact and ease of execution, security experts said.

Related:
A security team has announced the discovery of a critical vulnerability found in WinRAR, one of the most popular archive and compression tools used by users
CVE-2018-20250: WinRAR Vulnerability Found after 19 Years of Possible Exploitation

The issue with the first vulnerability is that it “occurs mainly because the application fails to validate msgid parameter enabling a malicious client with a valid session to download any resource by directly referencing its identifier,” said RedForce researchers. Furthermore, to download a file from the user’s device, all that is needed is a valid SHAREit session with this user at least once to be added to recognized devices. Then the malicious user only has to visit http://shareit_sender_ip to download the settings file for the SHAREit app.

Once this is done, any file can be downloaded from the breached device.

It should also be noted that when a user with no valid session tries to fetch a non-existing page, instead of a regular 404 page, the SHAREit app would respond with a 200 status code empty page. The app would also add the user to recognized devices, eventually authenticating an unauthorized user.

The exploit is very simple, researchers said

To exploit the vulnerability, all the attackers need to do is to send a ‘curl’ command that references the path of the target file, with the condition that the exact file location is known.

A proof of concept is also available. It’s worth mentioning that the researchers successfully downloaded about 3000 different files, or approximately 2GB of data, in less than 8 minutes.

Full technical disclosure is available in the detailed report.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...