Subscribe

Google app leaves Android phones vulnerable

Lauren Kate Rawlins
By Lauren Kate Rawlins, ITWeb digital and innovation contributor.
Johannesburg, 12 Jul 2017
Guy Golan, CEO of Performanta Group.
Guy Golan, CEO of Performanta Group.

Google has released an Android Samba Client app allowing users to access their remote files seamlessly from their Android devices.

However, users have found it only supports the same sharing protocol (SMBv1) used recently by the WannaCry and NotPetya hackers.

Android Police tested the Samba client and found that when they disabled SMBv1 on their home server and tried to connect to it again, it wouldn't connect - which means the app only supports SMBv1.

Guy Golan, CEO of Performanta Group, explains Samba is a free and open source implementation of the Server Message Block (SMB) protocol.

"SMB is extremely widely used by many operating systems and software. It is widely regarded as the de-facto way of accessing files and printers across networks, and is used in almost every network you would find."

Golan says while the SMBv1 protocol is not in itself vulnerable to viruses like WannaCry, it has design flaws and is a significant oversight by Google to not support newer versions.

"Microsoft's implementation of SMBv1 was vulnerable before they put out the MS17-010 patch to fix the vulnerabilities. There is no evidence that Google's implementation has any similar vulnerabilities.

"Having said that, SMBv1 has some serious fundamental design flaws. For example, attackers can perform a man-in-the-middle (MitM) attack where they can read and modify any SMBv1 communications by actively blocking SMBv2 or SMBv3."

Golan says there is nothing to suggest a strain of WannaCry or NotPetya could make it to smartphones.

"Google's implementation of SMBv1 is different to Microsoft's, and it was Microsoft's implementation of the protocol that was vulnerable."

However, Golan says the design flaws in SMBv1 make it theoretically possible for an attacker to serve up malware to Android devices if they are able to perform a MitM attack.

This would require the attacker to be on the same network as the client using the Android app, and for the client to be actively using the app, he says.

Share