
Security bugs left unpatched in Android app with one billion downloads

February 16, 2021
Trend Micro reports that the Android version of the popular file-sharing app SHAREit has vulnerabilities that its developers have failed to patch for the last three months, according to ZDNet. The bug leaves smartphones running the app, which has had more than 1 billion downloads, open to malicious code introduced by attackers. Analyst Echo Duan says the flaw lies in the absence of restrictions on who can access the app’s code, which allows attackers attempting a person-in-the-middle network attack to hijack the app through malicious commands and from there run custom code, change local files or install their own apps. According to the researchers, threat actors can also exploit the app’s susceptibility to Man-in-the-Disk attacks. Duan said the researchers informed SHAREit of the vulnerabilities three months before disclosing their research but got no response. Google was also informed of the group’s findings, but Duan declined to share the company’s response.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
