SHAREit app, the widely-used file, and data sharing android app have been reportedly detected to be riddled with security vulnerabilities that are keeping users compromised for cyber-attacks.
A cybersecurity ordeal:
According to reports, the app has access to a multitude of permissions on Android because of the utilities it offers. SHAREit app can basically access the full storage, media, access microphone and camera, access location information, and has many other permissions. It can also uninstall apps, set up accounts, create passwords. Additionally, SHAREit can also run at startup as well as has entire network access.
Due to this broad list of permissions, hacking and exploiting the security vulnerabilities of the app can help malicious actors to gain complete access to users’ phones and devices and any type of private sensitive information.
According to reports, the security vulnerabilities in the Shareit app allowed malicious actors to leak any user’s private data, read and overwrite in-app files, implement arbitrary codes remotely, and also permit third-party APKs to be installed.
Impact of SHAREit:
Shareit has more than 1 billion downloads on Play Store and has apparently also been named as one the most downloaded apps of 2019.
This app has been banned in India as well as the US and the particular discovery of security vulnerabilities don’t do SHAREit many favors.
Reports also stated that Google has been notified about the security vulnerabilities of the app.
Investigations on the Shareit app showcase any third-party entity or malicious actor can amount acquire temporary access to read/write private and sensitive data of users as well.
Further, it asserts that files in a specific folder can be freely accessed by anyone as the developer has specified a wide storage area root path. Hackers can also install third-party apps on a phone due to these security vulnerabilities in ShareIt, all the while operating unbeknownst to the user. This can also be used to install malicious apps on any corrupted device.
SHAREit has also been suspected to be vulnerable to a MITD attack i.e man-in-the-disk attack. This is because when a user downloads the app in the download center, it goes to an external directory, which means any app can access it with SDcard write permission.