One of the most popular Android file sharing (opens in new tab) apps has several vulnerabilities that haven’t been fixed by its developers for over three months, new research has claimed.
Security researchers at Trend Micro (opens in new tab) discovered the shortcomings in the ShareIT app (opens in new tab) that if exploited, can not only leak a user’s sensitive data, but can also execute arbitrary code on the device.
More worryingly, the vulnerabilities were brought to the attention of the app’s publishers over three months ago, but have seemingly decided to ignore the report.
- These are the best web hosting services (opens in new tab)
- Here are some of the best file transfer software (opens in new tab)
- Check our list of the best productivity tools (opens in new tab)
“We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission,” noted Trend Micro in its report (opens in new tab).
Even more worryingly, the researchers add that any attacks launched by exploiting these vulnerabilities will be hard to detect as they masquerade the legitimate operations of the app.
While discussing the vulnerabilities in detail, the researchers say that the flaws exist because the app implements its sharing functions with improper settings that leave it prone to abuse.
The researchers were able to successfully exploit the vulnerabilities with a proof-of-concept app to gain temporary read/write access to the data on the device, and even managed to run arbitrary code on the device.
Since ShareIT’s developers failed to respond to the researchers, they’ve also brought it to the attention of Google - however, there has been no response as yet, and the app still continues to be listed on the official Android Play Store.
- We've put together a list of the best endpoint protection software (opens in new tab)