"We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data," he added, while also noting that any attacks would also be hard to detect from a defender's perspective. 1 June 2022 Coronavirus (COVID-19) health alert. "We reported these vulnerabilities to the vendor, who has not responded yet," Duan said today. SHAREIt - The best sharing app & content distribution platform with the fastest cross-platform transfer speed.
App maker did not respond for three months
Duan said that malicious apps installed on a user's device, or attackers who perform a person-in-the-middle network attack, can send malicious commands to the SHAREit app and hijack its legitimate features to run custom code, overwrite the app's local files, or install third-party apps without the user's knowledge.įurthermore, the app is also vulnerable to so-called Man-in-the-Disk attacks, a type of vulnerability first described by Check Point in 2018 that revolves around the insecure storage of sensitive app resources in a location of the phone's storage space shared with other apps - where they can be deleted, edited, or replaced by attackers.