The popular file sharing Android app, SHAREit was found to have multiple unpatched vulnerabilities in its code.
The mobile app having more than one billion downloads allows users to share files with friends or between personal devices.
According to the experts from Trend Micro, the vulnerabilities could be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. It can potentially lead to Remote Code Execution (RCE) on the devices where the app is installed.
The analysis of the app’s code revealed that potentially any app can call the startActivity() function through the broadcast receiver as “com.lenovo.anyshare.app.DefaultReceiver.” An attacker can view arbitrary activities, including SHAREit’s internal (non-public) and external app activities.
The developer behind this disabled the exported attribute via android:exported=”false”, but enabled the android:grantUriPermissions=”true” attribute. It was also found that any third-party entity can still gain temporary read/write access to the FileProvider content provider’s data.
A wide storage area root path was also defined and all the files in the /data/data/<package> folder can be freely accessed.
The app also provides a feature that can install an APK with the file name suffix sapk. This feature could be abused by an attacker to install a malicious app.
Trend Micro has reported the vulnerabilities to the company behind the app but they did not respond and so after three months the security firm have decided to disclose it.