Trend Micro reports that the Android version of popular file-sharing app SHAREit has vulnerabilities that its developers have failed to address through patches for the last three months, according to ZDNet. The bug leaves smartphones with the app, which has had more than 1 billion downloads, open to malicious code introduced by attackers. Analyst Echo Duan says the flaw lies in the absence of restrictions on who can access the app’s code, which allows attackers attempting a person-in-the-middle network attack to hijack the app through malicious commands and from there run custom code, change local files or install their own apps. Threat actors are also capable of exploiting the app’s vulnerability to Man-in-the-Disk attacks, according to researchers. Duan said they informed SHAREit of the vulnerabilities three months before disclosing their research but got no response. Google was also informed of the group’s findings but Duan declined to share the company’s response.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.