SHAREit was confirmed to have serious security bugs and other issues that are still left unpatched. This is currently a serious matter since this application is used in many Android devices to transfer files such as photos, videos, documents, music files, and many more.
SHAREit is also downloaded more than one billion times. This means that this application might already infect billions of Android devices, which could lead to a massive leak of personal user information. The developers of this popular transferring-application have failed to fix its security flaws for more than three months now.
The vulnerabilities and other malicious flaws on SHAREit can be exploited by malicious hackers to run code on the users’ smartphones where the application is installed. Echo Duan, a mobile threat analyst for security firm Trend Micro, explained the current situation on Monday, Feb. 15.
Duan said that the root cause of SHAREit’s security flaws is the lack of proper restrictions who can tap into the application’s code. He added that malicious applications installed on a user’s device, or attackers who perform a person-in-the-middle network attack, can send malicious commands to the file-transferring application and hijack its legitimate features to run custom code, overwrite the app’s local files, or install third-party apps without the user’s knowledge.
SHAREit’s serious flaw
Security experts explained SHAREit is suffering from the so-called Man-in-the-Disk attacks, which is a type of vulnerability that was first found by Check Point way back in 2018. The security bug was found revolving around the insecure storage of sensitive application resources in a location of the phone’s storage space shared with other apps, where they can be deleted, replaced, or edited by different online attackers.
Duan said that they “reported these vulnerabilities to the vendor, who has not responded yet.” He added that they “decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data.”
The security analysts explained that any attack on the popular app would also be hard to detect from a defender’s perspective. On the other hand, the file-transferring service’s spokesperson declined to make any statement regarding the newly found security flaws.
Duan also said that he also coordinated with Google to fix the app’s unpatched security flaws. However, he did not elaborate on the giant software provider’s response. He did this because the popular application is offered by Google Play Store.
The app’s developers claimed that the popular service is used by 1.8 billion users across more than 200 countries worldwide. The vulnerabilities do not impact the application’s iOS version, which runs on a different codebase.
Best alternative applications
Since your favorite application is suffering from major security issues, here are some of the best alternatives you can use;
- MX Player
- Send Anywhere
- Z Share – Desi File Sharing App
- P2P Share Alliance
- Nearby Share
- Easy Join
- Files Go
- Treble Shot
We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.