File sharing apps full of security flaws – even from Apple App Store

A file sharing application may be a quick and handy way to get a file from point A to point B – but it may also be riddled with gaping security holes, according to new research from Trustwave Holdings Inc.’s SpiderLabs.

Researcher Bruno Oliveira tested over 10 file sharing apps, including Easy File Manager, WiFi HD Free, and FTP Drive, to see how easily he could dredge up exploits from them on the iPhone. The answer? Very – and that spells trouble for phone users, who might see their entire phone and its contents become open to attackers.

Nor is it encouraging for businesses with a bring your own device (BYOD) policy. If an employee’s personal device is compromised, that could open up a business’ network to potential attacks.

“You can’t just store a file easily in your iPhone by default. So if your friend asks for a song or a document, and you don’t have any storage device, you are not able to do that using your iPhone’s features,” says Oliveira, senior security consultant at Trustwave. That’s when some users turn to file sharing services, he adds.

Many of these services’ apps are freely available in the Apple App Store, with file sharing enabled through Bluetooth, iTunes, or Web servers, making users feel they are safe. WiFi HD Free has also garnered an average rating of three-and-a-half stars out of five from about 1,700 users in the Apple App Store, at the time of this writing.

However, accessing these files is very easy, Oliveira pointed out. They’re not encrypted, nor do they require any authentication before users go to open them. But worse than that, users can access whole file systems on iOS.

“If you go deeper on these applications, they are very badly designed,” he says. “If you are going through the application, you are going through the system – not compromising the application, but all of the iOS device.”

And it’s not very difficult to do, Oliveira adds. In fact, he’d say anyone with any hacking ability – from script kiddies to mid-level hackers – would be able to exploit a vulnerability within a file sharing app.

While he chose to test Apple devices because of their widespread popularity, he says the devices that are most at risk are those running an older iOS – say, iOS 6 – and that have been jailbroken.

For now, iOS 7 users are a little safer – but Oliveira still wouldn’t advise anyone to use small, unfamiliar file sharing services. While he found Easy File Manager was the worst offender for opening its users up to vulnerabilities, none of the others he tested fared much better, he adds.

He also notes businesses can’t really keep track of all of the devices their employees are bringing into the workplace. However, one thing an organization can do is safeguard its corporate network by segmenting it, or by controlling who can access the network, Oliveira says.

And on the other side, app developers have a responsibility to patch their software before they release it, he adds.

Candice So
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.
