Researchers Find Serious Privacy Flaws in Chinese App SHAREit

Published on 17 Feb 2021

According to a recent report by security firm Trend Micro, there are serious security vulnerabilities with the Chinese app SHAREit. These vulnerabilities can be used by bad actors to leak sensitive data from affected devices. There is also a possibility for hackers to use the security flaws to run malicious code or modified installation files.

What is SHAREit?

A popular android file sharing application, SHAREit has reportedly been downloaded more than a billion times. The app can be used to share files between friends and personal devices and is owned by Smart Media4U Technology Pte. Ltd. In 2019 the Indian government banned SHAREit along with 59 other chinese apps. The report by Trend Micro highlights the risk users are exposed to as the app is still popular with Android users outside India.

Due to the nature of the app, SHAREit requires users to provide several permissions which include: access to user's storage data, to their camera, microphone, device location among others. Researchers found that the gaps in security could potentially be used to remote code execution (RCE).

What is remote code execution (RCE)?

As the name suggestions, this vulnerability makes it possible for bad actors to run code of their choosing on a device remotely. This can allow them to take over a system or device using malware. Attackers could use their control to upload files, download information, etc.

Speaking about their findings, one analyst at Micro Trend said, "We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission. It is also not easily detectable."

It has not been disclosed if the SHAREit vulnerabilities have been exploited. Critics claim that the growing popularity of the app and a need for efficiency were achieved at the cost of security leaving users and their personal data vulnerable.

Feature image: Technology photo created by rawpixel.com - www.freepik.com