Provide your email for confirmation

Tell us a bit about yourself

country *

Please provide your email address

welcome to Rappler

Login

To share your thoughts

Don't have an account?

Login with email

Check your inbox

We just sent a link to your inbox. Click the link to continue signing in. Can’t find it? Check your spam & junk mail.

Didn't get a link?

Sign up

Ready to get started

Already have an account?

Sign up with email

By signing up you agree to Rappler’s Terms and Conditions and Privacy

Check your inbox

We just sent a link to your inbox. Click the link to continue registering. Can’t find it? Check your spam & junk mail.

Didn't get a link?

Join Rappler+

How often would you like to pay?

Annual Subscription

Monthly Subscription

Your payment was interrupted

Exiting the registration flow at this point will mean you will loose your progress

Your payment didn’t go through

Exiting the registration flow at this point will mean you will loose your progress

welcome to Rappler+

Unpatched security flaw found in SHAREit for Android devices

Security researchers at Trend Micro released a report on Monday, February 15, explaining security vulnerabilities in the Android version of cross-platform file-sharing app SHAREit, which has racked up over a billion downloads.

According to the report, the vulnerabilities in SHAREit "can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE)."

SHAREit is also said to be susceptible to Man-in-the-Disk attacks. ZDNet, in its report, said these types of attacks – first written about by cybersecurity firm Check Point in 2018 – work around "insecure storage of sensitive app resources in a location of the phone's storage space shared with other apps – where they can be deleted, edited, or replaced by attackers. "

Google has been informed of these vulnerabilities. 

The researchers have disclosed their findings 3 months after reporting this to the vendor of the application, who has not responded to the disclosure with any comment.

The researchers opted to make the research public "since many users might by affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission. It is also not easily detectable."

The SHAREit vulnerabilities do not appear to affect the iOS version of the app. – Rappler.com

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.

image