Researchers Find Bug in SHAREit App That Could Get Your Data Hacked

Last Updated: July 18, 2021

Transferring files (apps, music, videos, and pictures) is one of the activities individuals carry out frequently with their devices. Regardless of the nature of the device, whether a mobile device or a computer, the average user at some point would like to either send or receive any of the abovementioned files. Before the advent of WiFi connections, users had to transfer files using either a cable or Bluetooth. However, both methods were relatively slow, especially Bluetooth. Furthermore, it was near-impossible to send bulky files using some of those processes.

The emergence of WiFi and apps that use it to transfer files revolutionized the process. Suddenly, even large files could be sent across easily and quickly. One of the most popular of these WiFi-enabled apps is Xender. Another is SHAREit. Despite their ease of use, these apps occasionally face security challenges and threats. This article looks at one of the security breaches affecting one such app, SHAREit.

What is SHAREit?

SHAREit is a file-sharing app developed by Smart Media4u Technology Pte, based in Singapore. It is widely popular and has been reported to be the most downloaded app in 2019, with over 1 billion downloads on the Play Store in that year. Part of the popularity of this app is its compatibility with a range of devices. There are compatible apps for iOS, Android, macOS, and Windows devices.

Furthermore, another attraction for users is the ease of use. Users just need to download the app, identify the files they want to send, and click on them to send. The process is faster than sending using Bluetooth. Also, due to its cross-platform compatibility, users can connect the app to their personal computers and trade files both ways. It is a free web tool that does not require cables to send files across devices.

The Discovery of the Bugs

In February 2021, security outfit Trend Micro announced that it had discovered some bugs in the app. Hackers can use the app to carry out malicious attacks on users. This is because they offer easy access to the smartphones of users who download such apps.

Experts have noted that the bugs can also be used to carry out Remote Code Execution attacks. This is a situation where an attacker remotely accesses a device and executes attacks on it. Usually, the owner of the host device will be unaware of the presence or activities of such malicious entities. A successful attack is so dangerous that a compromised host can be used to attack other hosts.

The researchers first noted the bugs about three months prior to the public disclosure and promptly informed the app's developers. However, the developers are yet to make any comments or take any decisions. According to the researchers, they decided to make the situation public because of the potential risks users face while using the app, unaware of the security breaches. They also bore in mind that the bugs are not easily identifiable.

Ostensibly, the developers could be working on a means to patch the security challenges. However, hackers and cybercriminals could still carry out attacks in the window between disclosure and the development of solutions. That is to suggest that even at the moment, users of the platform might be at risk.

With the bug present in any installed app, hackers can identify users who are using the SHAREit app. This is because, as highlighted, the app runs on a WiFi network. Thus, a hacker could potentially attack over 500 million users worldwide.

This isn’t the first time a security concern has been raised about the app. This perhaps suggests that there is a common thread of security breaches on the app. In 2017, two bugs were discovered in the app. The bugs were so nefarious that they could get around the authentication system employed by the app. In the same way, they could access and encroach on users’ files.

Apart from the security breach, there was a further confidentiality and agreement breach by the company. Although the first bugs were discovered in late 2017, it wasn’t until 2018 that they were fixed. Even more so, the company did not share details of this breach with its customers and users, ostensibly to avoid creating panic and distrust for the app. Users were only nudged to update and patch their apps.

Security Challenges to Look Out For in Any App

Currently, the world is increasingly turning to the internet for not just communication but for virtually everything else. Hence, business activities, transfer of files, and even to some extent, aspects of the hospitality industry can be conducted online. For most of these activities, specific apps are developed for them. However, as illustrated by the situation under review, some of these apps can be the subject of attacks, leaving users vulnerable. 

This section will look at some of the security challenges users of these online systems and apps should pay attention to. In the next section, we then examine the means to stay safe in the face of these challenges. 

1. Data Leaks

Data leaks can happen in two distinct ways. The first occurs in situations where users grant permissions to apps. The chief culprits usually are free apps. They gather data from users and store it in a remote server, accessible by third parties. 

Furthermore, data leaks can occur as a result of malware. A virus can access a user’s device and siphon their data. 

2. Spyware

Spyware refers to apps that “spy” on users. Most have to be installed manually on devices. Thus, in the vast majority of cases, it is loved ones and close pals with access to a person’s device who install such spyware. However, spyware can also be installed by unknown third parties. In both scenarios, the user is compromised, and their data can be leaked.

3. Ransomware

This refers to malware that shuts down the operation of the device until some ransom is paid. Ransomware overwhelmingly affects computers. However, it can also pose a threat to mobile device users. This category of ransomware is known as mobile ransomware. Hackers and cybercriminals typically employ a lot of social engineering tactics to trick users into downloading and using ransomware. However, apps also provide a route for ransomware to affect a user’s device. It can get onto phones when unsuspecting users download infected apps.

4. Broken cryptography

When broken cryptography occurs, a third party can decrypt data sent across the app. This reveals the data in its original form. A hacker can thus steal sensitive information, which can further be used to carry out other crimes. Broken cryptography could result from inadvertence on the part of the designers. However, it could also result from negligence.

Possible Solutions Users Can Explore

A lot of developers do not identify or tackle the security challenges of their apps until after the fact. Thus, it is mostly after the breaches have been identified that they take steps to resolve the challenges. A case in point is the SHAREit situation. In most of these scenarios, the app user is not even aware of the breaches till later. As a user, however, you can take steps to protect yourself against these challenges. Below are two ideas to explore:

Encrypt Your Data (with a VPN)

Encryption creates a secure tunnel for your data. Thus, any data traveling to and from your device is secured in transit. For any hacker to access your data, they’d have to decrypt it. This is almost always impossible, especially when you use a VPN to encrypt your network. A VPN is an app whose primary job is keeping users safe by encrypting their data. Most top-tier providers use AES 256-bit encryption. This is one of the strongest in the industry. Under its provision, a user can rest assured that their data will be wholly secured while they go about their activities.

Uninstall the Apps

In some cases, there is precious little a user can do when an app is compromised. This is even more so in situations where the bug or virus is on the parent app. Here, the infestation does not occur as a result of the negligence of the user. In such a situation, a user’s only resort may be to uninstall and delete the app.

However, for this to work, you need to pay attention to news about every app you use. For instance, if you currently use SHAREit, you should be examining whether it is wise to continue using the service. Security threats do not suddenly disappear if left unattended. Hence, if the app provider or developer has not taken active steps to address any security breach found on their apps, you may want to take a step back.