On the Insecurities of Mobile D2D File Sharing Applications

by   Andrei Bytes, et al.

With more than 1.3 Billion in the cumulative number of downloads reported, the top six applications compete in the niche of Wi-Fi Direct D2D file sharing on Android. With the highest userbase in India and Indonesia, ShareIT itself reports the number of active users of their application on desktop and mobile devices exceeding 1.8 billion, ranked top 7 globally by the number of downloads on Google Play and Apple App Store in 2018. Wi-Fi Direct, also known as Wi-Fi P2P, is commonly used for peer-to-peer, high-speed file transfer between mobile devices, as well as a close proximity connection mode for wireless cameras, network printers, TVs and other IoT and mobile devices. For its end users, such type of direct file transfer does not result in cellular data charges and allows to keep their primary Wi-Fi interface up concurrently with a dedicated Wi-Fi P2P interface, which is commonly provided by the default wireless module of the mobile phone. However, despite the popularity of these solutions demonstrated by Google Play download statistics, we observe that the software vendors tend to prioritize the ease of user flow over the security of the implementation, introducing serious security flaws. We perform a comprehensive security analysis in the context of security and usability behind the identified flaws and report our findings in the form of 16 Common Vulnerabilities and Exposures (CVE), disclosed to the corresponding vendors. To address the similar flaws at the early stage of the application design, we propose a joint consideration of Security and Usability for such applications and their protocols that can be visualized in form of a User Journey Map (UJM).


page 1

page 4

page 6


Device-to-Device Networking Meets Cellular via Network Coding

Utilizing device-to-device (D2D) connections among mobile devices is pro...

Vulnerability Analysis of Digital Banks' Mobile Applications

There is a rapid increase in the number of mobile banking applications' ...

SoK: Untangling File-based Encryption on Mobile Devices

File-based encryption (FBE) schemes have been developed by software vend...

Exploiting Sensor Multiplexing for Covert Channels and Application Fingerprinting on Mobile Devices

Mobile devices often distribute measurements from a single physical sens...

Towards Mobile Distributed Ledgers

Advances in mobile computing have paved the way for new types of distrib...

On the (In)security of Bluetooth Low Energy One-Way Secure Connections Only Mode

To defeat security threats such as man-in-the-middle (MITM) attacks, Blu...

Rescuing the End-user systems from Vulnerable Applications using Virtualization Techniques

In systems owned by normal end-users, many times security attacks are mo...

Please sign up or login with your details

Forgot password? Click here to reset