A File Sharing App With 1 Billion Downloads Has a Major Security Flaw

A File Sharing App With 1 Billion Downloads Has a Major Security Flaw

Getting data from one place to another is easy when you’ve got reliable internet connectivity, but that’s not the case everywhere. That’s why an Android app called SHAREit has more than a billion downloads. Unfortunately, Trend Micro says the app is also a security nightmare that could allow intruders to sneak a peek at your data or even install malware. Perhaps most troublingly, the developers have not responded to Trend Micro’s warnings.

SHAREit is a product of Singapore-based developer Smart Media4U, which positions the app as a way to host and share content even if you don’t have internet access. The app has become popular because it lets users share files directly via Wi-Fi Direct data transfers, and there’s a built-in media player to play streams from other devices. However, Trend Micro says the way the app shares information makes it easy for a third-party to hijack the connection and load up all manner of malicious things.

Trend Micro says it confirmed the vulnerability is more than theoretical. Its researchers were able to confirm that SHAREit is giving away far too much data when beaming files, and this vulnerability makes it easy to exploit. Trend Micro says further that it told Smart Media4U about the issues three months ago, and there has been no reply. Trend Micro decided to disclose the flaws now because users deserve to know their app might be leaking personal details.

The developer’s silence is particularly concerning because the app is far from abandoned. A staffer replies to reviews on the Play Store constantly, even going so far as to post his mobile number for people to share screenshots. They’ll go to all that trouble but won’t reply to Trend Micro after three months? That feels pretty shady to me.

If you’re using SHAREit, I would recommend you look at an alternative way of sharing files. It is unknown if there are any in-the-wild SHAREit attacks, but it’s probably only a matter of time now, Most of the app’s users appear to be in countries throughout the Middle East, Africa, and Asia. It’s not as popular in the US and Europe because it’s unusual for populations in those regions to have such spotty connectivity that they need to resort to direct sharing apps like SHAREit.

Continue reading

Protect Your Online Privacy With the 5 Best VPNs
Protect Your Online Privacy With the 5 Best VPNs

Investing in a VPN is a smart choice right now, but the options are vast. To help narrow things down a bit, we've rounded up five of our very favorite consumer services.

RISC-V Tiptoes Towards Mainstream With SiFive Dev Board, High-Performance CPU
RISC-V Tiptoes Towards Mainstream With SiFive Dev Board, High-Performance CPU

RISC V continues to make inroads across the market, this time with a cheaper and more fully-featured test motherboard.

The PlayStation 5 Will Only Be Available Online for Launch Day
The PlayStation 5 Will Only Be Available Online for Launch Day

The PlayStation 5 isn't going to be available in stores on launch day, and if you want to pick up an M.2 SSD to expand its storage, you'll have some time to figure out that purchase.

ARMing for War: New Cortex-A78C Will Challenge x86 in the Laptop Market
ARMing for War: New Cortex-A78C Will Challenge x86 in the Laptop Market

ARM took another step towards challenging x86 in its own right with the debut of the Cortex-A78C this week. The new chip packs up to eight "big" CPU cores and up to an 8MB L3 cache.