It is also not easily detected,” the report said. “We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permissions. Trend Micro’s discoveries have been submitted to SHAREit’s developer, but no action has subsequently been taken. The description on Google Play includes “Infinite Online Videos,” “Discover Trending Music,” and “GIFs, Wallpapers & Stickers” among its many inducements to potential users. While the SHAREit app continues to advertise as a file-sharing platform with unrivaled transfer speeds, that is clearly not the main priority. It can also delete apps, run at startup, create accounts and set passwords,” according to the analysis. The app “requests access to the entire user storage and all media, the camera and microphone, and location. A ‘Security Nightmare’Īs a recent analysis of the Trend Micro report noted, part of the problem with the SHAREit app is the broad range of permissions it requests from users. They include third-party vendors, whose apps would not be subject to the same security measures Google enacts for its Play store apps. But these are not limited only to official Google Play apps. Users of the app can download other gaming apps. Trend Micro further notes that SHAREit is also a gaming platform. These exploits allow remote attackers to intercept data that moves between the app and an Android device’s external storage and replace it. This could lead to potential man-in-the-middle or man-in-the-disk attacks. These vulnerabilities could also be manipulated to allow the download and installation of any Android application package, or APK. Using purpose-built code, researchers found this component, along with other irregularities in the storage area root path, could result in remote access to private app functions and the ability of any third party to “again temporary read/write access” and “overwrite existing files in the SHAREit app.” Researchers at Trend Micro found a problem with a broadcast component in the app. Prior to the update late last year, the app functioned without incident and was well-reviewed. A recent update to the app delivered malware that uses the designated mobile web browser on users’ phones to deliver out-of-app advertisements. News about the SHAREit app vulnerabilities follows an earlier report about another popular Android app called Barcode Scanner. The vulnerabilities were first reported to the app developer three months ago, according to the report, but have still not been patched. Trend Micro said the vulnerabilities could allow the leak of sensitive user data and the exploitation of permissions in the app to gain full device access for remote attackers. The app, which has been downloaded more than a billion times on Google Play, bills itself as the fastest cross-platform file-sharing app in the world. Our only wish is that there was a way to remove the advertisements and promotions for other apps.A report released this week by IT security company Trend Micro announced the discovery of several critical security vulnerabilities in a mobile app for Android devices called SHAREit. It provides the service that it offers in the app store description and does it within a neat, easy-to-use UI. If you can look past that and only focus on the core functionality of SHAREit, you do have a relatively good performing application. There are also many ads thrown throughout the SHAREit user interface. This means you have access to cleanup tools and a memory analyzer straight from within the app, but it also means that plenty of the app is essentially filled with promotions for other applications. The developer has attempted to fill the app with other functionality. There's another side to SHAREit that is a little like a double-edged sword. Developer claims that their app is far faster than Bluetooth at transferring files, and from our experience we can confirm that this is true. We found that it takes roughly 10-20 seconds before you'll see other device on the share screen. When sending files, you must wait for the receiving device to appear on the search screen. When sending, you'll be able to scroll through your files, apps, videos, photos, and other data to choose what to send. When receiving, you'll download any files that another user sends to you. Once a connection has been made, you can choose to send or receive. It instead connects to a server and then finds nearby devices connected to the same connection. The app does not require Bluetooth like most similar apps do. Price: $ SHAREit is designed to let you share files, apps and other data between two devices effortlessly.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |