Trend Micro found that SHAREit provides a feature that can install an APK with the file name suffix ‘sapk’, which can be used to install a malicious app. This would enable a limited remote code execution (RCE) when the user clicks on a URL (SHAREit has deep links, URLs that lead to specific features in the app).

The company built an href attribute in HTML to verify RCE with the Google Chrome browser. Chrome was coded to call SHAREit to download the sapk from the linked address, and since SHAREit supports the HTTP protocol, the company found the download can be replaced by simulating a man-in-the-middle (MitM) attack. This would allow malware to be downloaded to the user’s phone.

In Trend Micro’s PoC, researchers included code that reads WebView cookies, which was used to write arbitrary files in the SHAREit app’s data folder. “In other words, it can be used to overwrite existing files in the SHAREit app,” Duan said of the attack. In this way, malicious apps installed on a device running SHAREit can take over the app to run custom code or install third-party apps without the user knowing, researchers found.

Additionally, SHAREit is susceptible to a man-in-the-disk (MITD) attack, a variation on a man-in-the-middle attack identified by Check Point in 2018. It arises from the way the Android OS uses two types of storage, internal and external; the latter uses a removable SD card and is shared across the OS and all apps. This type of attack allows someone to intercept and potentially alter data as it moves between Android external storage and an installed app. It is possible with SHAREit “because when a user downloads the app in the download center, it goes to the directory,” Duan wrote. “The folder is an external directory, which means any app can access it with SDcard write permission.”

Researchers illustrated this in their PoC by manually copying Twitter.apk in the code and replacing it with a fake file of the same name. As a result, a pop-up for the fake Twitter app appeared on the main screen of the SHAREit app, Duan wrote. Reopening SHAREit caused the fake Twitter app to appear on the screen again, prompting the user to install it, an action that succeeds, according to the post. This means that any app can access the directory with SD card write permission.

Trend Micro’s discovery isn’t the first time serious flaws were found in SHAREit.
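The two weaknesses described above, an sapk fetched over plain HTTP and a package left in shared external storage where another app can swap it, both come down to trusting a file whose origin and integrity were never checked. The following added example (not code from Trend Micro or from SHAREit) models the install-time checks that close them: an HTTPS-only rule for the download source, and a digest pinned at download time that detects a same-name replacement on shared storage. File names and the temporary directory standing in for external storage are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile
from urllib.parse import urlparse


def is_trusted_download_url(url: str) -> bool:
    """Reject package sources that are not HTTPS: an http:// deep link can be
    rewritten in transit, which is the MitM swap described for the sapk flow."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def record_download(path: str) -> str:
    """Called right after the download completes: pin the file's digest so a
    later replacement on shared storage can be detected before install."""
    return sha256_of(path)


def safe_to_install(path: str, pinned_sha256: str) -> bool:
    """Man-in-the-disk gate: refuse to install when the file at the shared path
    no longer matches the digest recorded at download time."""
    if not os.path.isfile(path):
        return False
    return hmac.compare_digest(sha256_of(path), pinned_sha256)


def demo() -> dict:
    """Constructed scenario: a genuine package, then a same-name replacement."""
    with tempfile.TemporaryDirectory() as shared_dir:  # stands in for external storage
        pkg = os.path.join(shared_dir, "Twitter.apk")
        with open(pkg, "wb") as f:
            f.write(b"genuine package bytes")
        pinned = record_download(pkg)
        before = safe_to_install(pkg, pinned)
        # Another app holding SD-card write permission overwrites the file in place.
        with open(pkg, "wb") as f:
            f.write(b"replacement package bytes")
        after = safe_to_install(pkg, pinned)
    return {"http_url_ok": is_trusted_download_url("http://example.invalid/app.sapk"),
            "https_url_ok": is_trusted_download_url("https://example.invalid/app.sapk"),
            "before_swap": before, "after_swap": after}
```

Keeping the pinned digest in app-private internal storage (or downloading there in the first place) is what gives the second check its value; a digest stored beside the package on the SD card could be replaced along with it.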