Critical Flaw in Shareit | Shareit vulnerability | Shareit Hacked?
Shareit is a data sharing application that was founded in April 2015. The Chief Executive Officer of the company is Michael Qiu. Shareit lets its users transfer data in a very secure manner and at a fast data sharing rate. Although this application was launched in April 2015, it caught the eye of each and every Android user during the last month of its release year because there was no competition in the market. As this free data transfer application caught everyone's eye, competitors also began to emerge, such as Xender, Mi Drop, Zapya, Share Apps and SuperBeam.
Shareit - Why is it used?
Shareit is a free application which can be used to transfer any kind of data from any device, including Windows, Mac, Android and iOS devices. It provides a faster data transfer speed than NFC and Bluetooth. Shareit climbed its way to the top because Bluetooth was found vulnerable and took a very long time to transfer files. Moreover, at first it had a very simple interface and could be used to transfer applications, which made it rise to the top as it could save a lot of mobile data.
Shareit – Features?
Shareit is a data transferring application. It can be used for transferring media, pictures, videos, contacts, data files and applications. Shareit provides a ton of other features, given below:
- High-speed data transfer.
- Can transfer any type of data file – pictures, music, videos, large files.
- Can transfer files of any extension – Shareit does not judge a file by its extension, so it can share any data file.
- Saves time in sharing files as compared to Bluetooth.
- Has a very clean interface.
- Provides a secure way to transfer data from one device to another.
- It requires very little space and energy on any device, which makes it more convenient.
- Moreover, the newer versions of Shareit provide news and trending videos to their users.
Shareit – Other Apps?
Apart from Shareit, the Shareit company provides a ton of other applications which help users manage their devices. The other apps that the Shareit company provides are CLONEit, LOCKit, LISTENit and CLEANit.
CLONEit – This application conveniently replicates the content of an older or other device, such as SMS and MMS messages, music, videos and applications, to the other device.
LOCKit – Lockit is an application which helps its users maintain their privacy by protecting their data with a lock method such as a PIN lock, fingerprint lock or pattern lock. It also helps by moving specific selected items into an invisible vault until a specific pattern or move is performed.
LISTENit – As the name of this app suggests, Listenit is a music player which keeps its users updated from time to time on any new song release or any trending song.
CLEANit – This is an application which makes the device much faster by clearing all the junk and cache files. Moreover, it also serves as a memory booster, battery saver and mobile analyst.
Shareit – Declared spyware by the Government of India?
Like any other application, Shareit has also had several vulnerability issues. In 2017 the Indian Government declared this application to be a malicious and spyware application. However, Shareit straight away denied it. Taking this as a serious matter, Shareit collaborated with Google to ensure a secure way of transferring data offline and improved its security.
Shareit - The new Vulnerability?
According to a recent post by a security research team, Shareit was found to have two major vulnerabilities in the file transfer process which leave users exposed and allow every bit of their data to be stolen.
Currently Shareit has over 1.5 billion users, with 500 million users vulnerable to this threat. There are two major flaws in the Shareit application. These two high-severity flaws in the Shareit app allow any attacker to exploit and bypass the secure file transfer authentication mechanism of Shareit.
This vulnerability was found in December 2017 and was patched in March 2018. It was found and patched by a security research team named RedForce. The reason for such a late disclosure of the vulnerability in the Shareit application, as stated by the research team, was that they wanted as many people as possible to update and upgrade their Shareit application, so that their privacy could be maintained and the vulnerability would not be used for any wrong reason.
This Shareit vulnerability was on two major ports in the Shareit application: port 55283 and port 2999. An attacker on the same Wi-Fi network as a victim device running the vulnerable Shareit version can check for the victim on the ports mentioned above. These ports simply allowed the attacker to bypass the app's authentication mechanism and gave access to each and every file, as well as the Facebook tokens and cookie data of the victim.
The vulnerability found in the Shareit app had a CVSS 3.0 score of 8.2, which indicated that the application was highly exploitable.
These ports performed the following functions:
Port 55283: This port was used by the Shareit app to send and receive file transfer request messages and device identification. This port can be considered a regular TCP channel.
Port 2999: This port is the Shareit application's HTTP server implementation, used by the clients, that is, the users receiving the files.
So, how does the vulnerability work?
Part 1: Connecting to the Shareit Device.
Once a Shareit user is identified, it is very easy to exploit or compromise the victim's data. When a file transfer session starts between two Shareit devices, the normal transfer of files takes place. However, the researchers discovered that when a user with no valid session tries to fetch or receive data from a non-existent page, with a request like curl http://shareit_sender_ip:2999/DontExist, a glitch in the application allows the user to join the transfer session as an authenticated user. This kind of authentication bypass is the easiest authentication bypass, said the researchers. The glitch was caused because the Shareit app failed to validate the msgid parameter of the user who was trying to authenticate. And so when the user tries to authenticate, they get a 200 "request allowed" page instead of a 404 error page.
Part 2: Downloading the Data Files.
Now, if the attacker knows the exact location of the data or media file they would like to retrieve or download from the vulnerable Shareit user, they can send a curl command which references the path of the target file to retrieve and download it.
Retrieving data is easy for any attacker because the Shareit app has the log and data file permissions to access the device. Moreover, saved passwords and cookie sessions of social accounts can be retrieved, which can result in a very massive privacy leak.
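The two flaws from Part 1 and Part 2, modelled in-process as an added example (this is not code from Shareit or from the researchers): a server that treats a request for an unknown page as a login and serves any path, next to a hardened one. The /download route, the 403 status, the format of the msgid token, the file paths and the IP addresses are constructed assumptions.

```python
import hmac
import secrets

# Constructed stand-in for device storage; paths and contents are made up.
FILES = {"/shared/holiday.jpg": b"JPEGDATA", "/private/cookies.db": b"SESSION-COOKIES"}
ROUTES = {"/download"}  # assumed route name, not taken from the app

class VulnerableServer:
    """Behaviour the post describes: unknown page -> 200 and the caller becomes trusted."""
    def __init__(self):
        self.trusted = set()

    def handle(self, ip, path, msgid=None, file=None):
        if path not in ROUTES:
            self.trusted.add(ip)           # flaw: state change for an unauthenticated caller
            return 200, b""                # flaw: 200 where a 404 belongs
        if ip not in self.trusted:
            return 403, b""
        return 200, FILES.get(file, b"")   # flaw: any path on the device is served

class HardenedServer:
    """Rejects first, never enrols implicitly, serves only files offered in this session."""
    def __init__(self, offered):
        self.msgid = secrets.token_hex(16)  # per-transfer secret handed to the real receiver
        self.offered = set(offered)

    def handle(self, ip, path, msgid=None, file=None):
        if path not in ROUTES:
            return 404, b""                 # unknown page: no side effects
        if msgid is None or not hmac.compare_digest(msgid, self.msgid):
            return 403, b""                 # msgid is actually validated
        if file not in self.offered:
            return 403, b""                 # allow-list instead of arbitrary paths
        return 200, FILES[file]

def demo():
    """Replay the same two requests against both models and return the status codes."""
    vuln, safe = VulnerableServer(), HardenedServer({"/shared/holiday.jpg"})
    stranger = "192.0.2.50"                 # constructed address of a client with no session
    out = {}
    for name, srv in (("vulnerable", vuln), ("hardened", safe)):
        out[name] = [srv.handle(stranger, "/DontExist")[0],
                     srv.handle(stranger, "/download", "guess", "/private/cookies.db")[0]]
    out["legit"] = safe.handle("192.0.2.10", "/download", safe.msgid, "/shared/holiday.jpg")
    return out

if __name__ == "__main__":
    print(demo())
```

The hardened model checks the route, then the token, then the file allow-list, and changes no session state on a rejected request.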
To know more about the flaw, visit this: Link
To watch the complete video tutorial on hacking Shareit using its vulnerability: Visit Here
Final Notes:
While doing some research I also found a detailed video released by the research team about the Shareit vulnerability. Also, this vulnerability applies only to the lower and older versions of Shareit v4.0.34.
Signing off,
Kali4Hacking.
Bro please upload OS Prashant course please.
or give me link to download it.
Ok.. will post it fast..