The Android application SHAREit, which has a billion installs and has a huge security vulnerability, has not received any patches in three months.
More than a billion downloads of the popular Android application contain a security vulnerability that threatens the security of mobile devices. It is reported that the developer has not been able to close the discovered breach for more than three months. We are talking about the Android version of the SHAREit program that allows users to exchange files with friends and other devices.
Vulnerabilities detected in the application allow remote malicious code execution on mobile devices where the application is installed. This critical vulnerability in the SHAREit application was reported by Trend Micro experts. Experts point out that the root cause of the problem is the lack of necessary restrictions on the use of the application code. This way, an attacker can not only execute their own code, but also overwrite locally stored application files and install third-party applications without the device owner’s knowledge.
iOS version not vulnerable
The report also shows that the SHAREit app is vulnerable to the Man-in-the-Disk attack, which security experts at Check Point announced in 2018, which could compromise users’ sensitive data. Trend Micro experts state that they tried to contact the developers of the SHAREit app, but were unable to contact them.
Attempts to connect with the program’s developers continued for three months, but all requests from experts remained unanswered. Experts also said that they shared their research with Google, but would not give details on what the Play Store platform responded. The developers of the SHAREit app claim that 1.8 billion people from 200 countries are using their software. The vulnerability in the application does not cover the iOS version of SHAREit as it is written using a different code base according to digital security experts.