fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SHAREit Fixes Security Bugs In App With 1 billion Downloads

SHAREit Fixes Security Bugs In App With 1 billion Downloads

Singapore-based Smart Media4U Technology said today that it fixed SHAREit vulnerabilities that may have allowed attackers to execute arbitrary code remotely on users’ devices.

The security bugs impact the company’s SHAREit Android app, an application that downloaded more than 1 billion times, according to Google Play Store statistics.

“On February 15, 2021, we became aware of a report by Trend Micro about potential security vulnerabilities in our app,” SHAREit said in a press release published on Friday.

“We worked quickly to investigate this report, and on February 19, 2021, we released a patch to address the alleged vulnerabilities.”

Also Read: How To Secure Your WiFi Camera: 4 Points To Consider

SHAREit users exposed to attacks

As Trend Micro mobile threat analysts Echo Duan and Jesse Chang found, the now-fixed security bugs can be abused by attackers for gaining access to the sensitive information stored by users on devices running vulnerable SHAREit versions.

They could also be abused to execute arbitrary code with SHAREit permissions with the help of malicious code or app, potentially allowing the threat actors to use it in Remote Code Execution (RCE) attacks.

The security flaws also expose users of unpatched SHAREit versions to man-in-the-disk (MITD) attacks, allowing attackers to manipulate application resources stored on external storage via code injection.

In 2019, SHAREit patched two other security vulnerabilities that would’ve enabled attackers to bypass the app’s authentication mechanism and download arbitrary user files from vulnerable devices.

Vulnerabilities patched after public disclosure

While SHAREit’s owner says that it just became aware of Trend Micro’s findings earlier this month, Trend Micro noted that the security bugs were reported to the vendor three months before the report was published.

“We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission,” they said.

To make things even worse, attacks abusing these vulnerabilities would not be easily detectable, which probably added to the urgency of publishing their discovery.

Also Read: Going Beyond DPO Meaning: Ever Heard Of Outsourced DPO?

“The security of our app and our users’ data is of utmost importance to us,” SHAREit added. “We are fully committed to protecting user privacy and security and adapting our app to meet security threats.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us