Google's new Samba client for Android uses the highly vulnerable SMBv1 protocol
A new Samba client app released by Google for Android devices seems to inherently suffer from a major security vulnerability. Apparently, the app supports only the SMBv1 protocol, which was the main route through which ransomware such as WannaCry and the more recent NotPetya propagated. Microsoft has officially deprecated the protocol and has confirmed that the upcoming Windows 10 Fall Creators Update (RS3) will not feature native support for SMBv1. The more secure SMBv2 and SMBv3 will continue to be supported, however.
Samba is essentially an open-source implementation of the SMB/CIFS networking protocol. It allows Unix workstations to access Windows shares over the network and allows for seamless file transfer and printer access between Unix and Windows systems. Android Police has confirmed that Google's Samba client does not work when SMBv1 is disabled. Ned Pyle, who owns the SMB protocol family at Microsoft, has chimed in to assert that SMBv1 on Linux is also not completely immune from MitM (Man-in-the-Middle) attacks and that all users should start using SMBv2 at the bare minimum.
It is surprising to see that Google, which is usually proactive in pointing out security inadequacies in competitor products, is still developing apps that rely on deprecated and vulnerable protocols. Hopefully, the app will be updated to use more secure protocols. In the meantime, it is recommended that users stop using and disable any implementation of SMBv1 in the interest of security.
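One way to find SMBv1-only clients like the one described above is to inspect the first message a client sends to TCP port 445. The Python below is an added example, not code from the article, Google or the Samba project; the function names and the sample frames built by `build_sample` are constructed for illustration.

```python
import struct

SMB1_MAGIC = b"\xffSMB"   # protocol id that opens every SMBv1 message
SMB2_MAGIC = b"\xfeSMB"   # protocol id that opens every SMBv2/SMBv3 message
SMB1_NEGOTIATE = 0x72     # SMB_COM_NEGOTIATE command code
SMB1_HEADER_LEN = 32      # fixed SMBv1 header size

def smb1_dialects(msg):
    """Return the dialect strings offered in an SMBv1 NEGOTIATE request."""
    if len(msg) < SMB1_HEADER_LEN + 3 or msg[4] != SMB1_NEGOTIATE:
        raise ValueError("not an SMBv1 NEGOTIATE request")
    off = SMB1_HEADER_LEN + 1 + 2 * msg[SMB1_HEADER_LEN]  # skip parameter words
    if len(msg) < off + 2:
        raise ValueError("truncated message")
    (byte_count,) = struct.unpack_from("<H", msg, off)
    data = msg[off + 2 : off + 2 + byte_count]
    if len(data) < byte_count:
        raise ValueError("truncated dialect list")
    dialects = []
    while data:
        end = data.find(b"\x00", 1)
        if data[0] != 0x02 or end < 0:  # each entry: 0x02, ASCII name, NUL
            raise ValueError("malformed dialect entry")
        dialects.append(data[1:end].decode("ascii", "replace"))
        data = data[end + 1:]
    return dialects

def classify(frame):
    """Classify a client's first message on TCP/445 (4-byte length prefix included)."""
    if len(frame) < 8:
        raise ValueError("frame too short")
    length = int.from_bytes(frame[1:4], "big")
    msg = frame[4 : 4 + length]
    if msg[:4] == SMB2_MAGIC:
        return "smb2-or-later"
    if msg[:4] != SMB1_MAGIC:
        return "not-smb"
    # Clients that also speak SMB2 add "SMB 2.002" / "SMB 2.???" to the SMBv1 list.
    if any(d.startswith("SMB 2") for d in smb1_dialects(msg)):
        return "multi-protocol"
    return "smb1-only"

def build_sample(dialects):
    """Constructed test input: an SMBv1 NEGOTIATE request with zeroed header fields."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    msg = (SMB1_MAGIC + bytes([SMB1_NEGOTIATE]) + bytes(27)
           + b"\x00" + struct.pack("<H", len(body)) + body)
    return b"\x00" + len(msg).to_bytes(3, "big") + msg
```

A client classified as `smb1-only` never offers an SMB 2 dialect, so it cannot connect to a server where SMBv1 is disabled, which matches the behaviour Android Police reported.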