SHAREit – a popular file-sharing app has been marred by an unpatched bug that has left the user’s sensitive data to be hacked easily.
According to the reports, the unpatched bug allows the hackers to run malicious codes on the smartphones of the users thus exploiting the saved data. This can further lead to Remote Code Execution (RCE). The app allows the transfer and download of various types of files.
The bug allows the hacker to attack the network, send malicious commands to the SHAREit app, and hijack legitimate information on the phone. It can overwrite the app’s local files and can also install other third-party apps without the knowledge of the user. The main reason behind this security flaw is the lack of proper restrictions which means that anyone can access the application code and abuse it.
The security bugs were first discovered back in December 2017 and were reported to the app makers. They were officially fixed by 2018. Even after fixing the bugs, the details of the vulnerabilities were not disclosed to the users.
Apart from having the users’ data at risk of being hacked, SHAREit also makes the user vulnerable to Man-in-the-Disk attacks Such attacks tend to affect the storage space of the smartphone to be shared with other apps, without the knowledge of the user and also making it readily available to be deleted, edited or even permanently replaced by the hackers.
The app maker was contacted and reported about these glitches in the app. The makers of the app were given three months to research and fix the bug as it has affected more than a billion people, who are vulnerable to getting their data hacked and misused. The developers of SHAREit have claimed to have more than 1.8 billion users around the world, yet none of the vulnerabilities attached with the app are made public or acknowledged by the app developers.