RCE Vulnerabilities Found in SHAREit Android App

The Android mobile application, downloaded more than a billion times by users, contains critical vulnerabilities that the program developer cannot fix for more than three months. The problems affect the Android version of SHAREit, a mobile application that allows users to share files with other devices.

Exploitation of this vulnerability allows an attacker to run malicious code on smartphones with installed SHAREit application, said researcher Duane Trend Micro Eco (Echo Duan). The problem stems from the lack of proper restrictions on who can use the application code.

According to the expert, malicious applications installed on the user's device or attackers performing a MitM attack can send malicious commands to the SHAREit application and use its legitimate functions to run custom code, overwriting local application files, or install third-party applications without the user's knowledge.

In addition, the application is also vulnerable to the so-called Man-in-the-Disk attacks, which involve unsafe storage of confidential application resources in a shared phone storage location, where they can be deleted, edited, or replaced by hackers.

“We decided to disclose the results of our research three months after reporting the vulnerability to the developer, since this attack could affect the confidential data of many users,” the expert explained.

Previous Post Next Post