SHAREit is a very popular file sharing application for Android, iOS, Windows and Mac that has been developed to share video, music, files, and apps across various devices for the users and it have large customers. Security experts found two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim's device.
SHAREit server hosts multiple services via different ports on a device,Command Channel ( Port 55283) and Download Channel (Port 2999). Command Channel is a regular TCP channel where app exchanges messages with other SHAREit. Download Channel is the SHAREit application's own HTTP server implementation which is mainly used by other clients to download shared files.
When you use the SHAREit Android app to send a file to the other device, a regular file transfer session starts with a regular device identification, then the 'sender' sends a control message to the 'receiver,' indicating that you have a file to share. Security experts discovered that when a user with no valid session tries to fetch a non-existing page, instead of a regular 404 page, the SHAREit app responds with a 200 status code empty page and adds the user into recognized devices, eventually authenticating an unauthorized user.
Since the SHAREit app fails to validate the 'msgid' parameter,a unique identifier generated for each request when the sender initiates a download,this enables a malicious client with a valid session to download any contents by directly referencing its identifier. The flaws could be exploited by an attacker on a shared WiFi network, and unfortunately vulnerable SHAREit versions create an easily determine the open Wi-Fi hotspot exploit and have unrestricted access to vulnerable device storage.
It is a great vulnerability.We can't even think that the app that have great number of users have these types of vulnerability.The SHAREit team patched the vulnerabilities in March 2018 without leaving any details to the outside world. The vulnerabilities affect the SHAREit for Android application version 4.0.38 and its earlier versions. So its a message to users that if you are using SHAREit version 4.0.38 or its early version it's your time to do the update from Google play store as soon as possible.