Application security, Threat Management

Security bugs left unpatched in Android app with one billion downloads

Trend Micro reports that the Android version of popular file-sharing app SHAREit has vulnerabilities that its developers have failed to address through patches for the last three months, according to ZDNet. The bug leaves smartphones with the app, which has had more than 1 billion downloads, open to malicious code introduced by attackers. Analyst Echo Duan says the flaw lies in the absence of restrictions on who can access the app’s code, which allows attackers attempting a person-in-the-middle network attack to hijack the app through malicious commands and from there run custom code, change local files or install their own apps. Threat actors are also capable of exploiting the app’s vulnerability to Man-in-the-Disk attacks, according to researchers. Duan said they informed SHAREit of the vulnerabilities three months before disclosing their research but got no response. Google was also informed of the group’s findings but Duan declined to share the company’s response.
Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.
