• About
  • Advertise
  • Careers
  • Contact
Monday, March 20, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

Critical SHAREit Flaw Gives Attackers Full Access To Device Files

by Cyber360 News
November 11, 2019
in Security
0
Critical SHAREit Flaw Gives Attackers Full Access To Device Files
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

Data sharing apps like SHAREit and Xender have transformed the way files are shared, since their release a few years ago. The apps transfer files over wifi which is much faster compared to sending files using Bluetooth.

However, a recent report by Threat Post disclosed two major vulnerabilities in the popular file sharing app, SHAREit, which has over 500 million users the world over. 

jamf now

The bugs, discovered by researchers at Redforce, allowed attackers to bypass app authentication mechanism and provided access to files as well as Facebook token and cookie data.

Found in December 2017 the vulnerabilities were fixed by March 2018 and had a CVSS 3.0 score of 8.2 indicating high-severity.

The vulnerability in the application remained a closely guarded secret until recently because it could have had a huge impact on users owing to big attack surface and easy to exploit nature.

Researcher Abdulrahman Nour, states: “We wanted to give as many people as we can the time to update and patch their devices before making the critical vulnerability common knowledge.”

In order to exploit the vulnerability, attackers on the same WiFi network as a victim would check if the victim’s device was running a SHAREit server. This could be easily determined by checking if two ports 55283 and 2999 were open.

jamf now

Port 55283 is used by the application to send and receive messages including file transfer requests and device identification. The former is the applications HTTP server implementation and was used by clients to download shared files.

The researchers discovered that once a SHAREit user was identified, attackers could add themselves to the victims trusted devices list by simply sending a request that attempted to fetch a non-existent page.

This could be done simply by using – [curl http://shareit_sender_ip:2999/DontExist] which is one of the simplest authentication bypass methods we have seen. 

The application responded to unauthenticated users trying to fetch a non-existing page by adding them to recognized devices and showing a 200 status code.

The flaw was caused due to the application failing to validate the msgid parameter —a unique identifier that ensures that sharing requests are initiated by senders.

This meant that attackers could download files and gain access to auto-fill data, Amazon web-service user key and the victim’s hotspot info in plain-text by using a simple curl command.

jamf now

SHAREit patched the vulnerability in March 2018 but did not provide researchers with a patched version of the application or vulnerability CVE numbers. The company did not cooperate with the team and took their sweet time in responding to messages.

This callous attitude of the company left researchers at Redforce feeling unappreciated for their efforts. The question remains, Is SHAREit still the best way to share files?

Also Read: WinRAR Flaw Being Actively Used To Load Malware In Windows PCs
Cyber360 News

Cyber360 News

Next Post
WinRAR Flaw Being Actively Used To Load Malware In Windows PCs

WinRAR Flaw Being Actively Used To Load Malware In Windows PCs

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In