Transferring files over Wifi is a way faster than traditional methods like sending over Bluetooth. All thanks to apps like SHAREit and Xender who have revolutionized this world in many ways. Now, we don’t need to wait for hours to receive a file. But what will you say if you found these apps have some severe bugs that could compromise your privacy and security.
According to a recent report by Threat Post, the popular data sharing app SHAREit has two major flaws that could allow attackers to gain full access to the device files.
The bugs have been discovered by the researchers at Redforce that can bypass the app authentication system, access files, Facebook token, and cookies as well.
Here, the most surprising thing is the bugs were found in December 2017 and were officially fixed in 2018. Even after the bugs had a CVSS 3.0 score of 8.2 (High-Severity), the company decided to not disclose the details of vulnerabilities as it could have a huge impact on their user base. “We wanted to give as many people as we can the time to update and patch their devices before making the critical vulnerability common knowledge,” said researcher Abdulrahman Nour.
The flaws make it easy for attackers on the same WiFi network to check if the victim’s device was running a SHAREit server. They can easily do this by checking these designated ports: Port 55283 and Port 2999.
The researchers have also explained that both the ports are used by the application for different purposes. Port 55283 is used for device identification, handling file transfer requests and to send or receive messages. While the other Port 2999 is the app’s HTTP server and used by clients to download shared files.
After the user’s identification is done, the attackers simply use
[curl http://shareit_sender_ip:2999/DontExist]
and send a request that they are attempting to fetch a non-existent page. But in reality, they are trying to add themselves to the victim’s trusted devices list.
The SHAREit is actually failing to validate ‘msgid’ parameter i.e a unique identifier to ensure that file sharing requests are initiated by the sender. In result, the application considers this situation as an unauthenticated user is trying to fetch a non-existing page and add it to the list of recognized devices with status code 200.
This opens an easy way for attackers to target over 500 million SHAREit users in the world. They could access files, auto-fill data, hotspot info, Amazon web-service user key and also download files.
As per the reports, the SHAREit patched the vulnerability in March 2018 but didn’t either given any vulnerability CVE number nor provided the patched version of the application to the researcher. They did not cooperate with the researchers at Redforce either in discussing things or replying their messages.
