Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Google's new Samba client for Android uses the highly vulnerable SMBv1 protocol

The new Samba client for Andriod doesn't use updated SMB protocols. (Source: Android Police)
The new Samba client for Andriod doesn't use updated SMB protocols. (Source: Android Police)
The SMBv1 protocol was the entry route for the recent ransomware attacks, and it comes as a surprise that Google is still developing an app based on this protocol — even after it has been deprecated, putting end users at risk.
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

A new Samba client app released by Google for Android devices seems to inherently suffer from a major security vulnerability. Apparently, the app supports only the SMBv1 protocol which was the main route through which ransomware such as WannaCry and the more recent NotPetya propagated. The protocol has been officially deprecated by Microsoft, with the firm confirming that the upcoming Windows 10 Fall Creators Update or RS3 will not feature native support for SMBv1. The more secure SMBv2 and SMBv3 will continue to be supported, however.

Samba is essentially an open-source implementation of the SMB/CIFS networking protocol. It allows Unix workstations to access Windows shares over the network and allows for seamless file transfer and printer access between Unix and Windows systems. Android Police has confirmed that Google's Samba client does not work when SMBv1 is disabled. Ned Pyle who owns the SMB protocol family at Microsoft has chimed in to assert that SMBv1 on Linux is also not completely immune from MitM (Man-in-the-Middle) attacks and all users should start using SMBv2 at the bare minimum.

It is surprising to see that Google, which is usually proactive in pointing out security inadequacies in competitor products, is still developing apps that rely on deprecated and vulnerable protocols. Hopefully, the app will be updated to use more secure protocols and it is recommended that users stop using and disable any implementation of SMBv1 in the interest of security.

 

 

Source(s)

Read all 1 comments / answer
static version load dynamic
Loading Comments
Comment on this article
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 
Vaidyanathan Subramaniam
Vaidyanathan Subramaniam - Managing Editor - 1395 articles published on Notebookcheck since 2012
Though a cell and molecular biologist by training, I have been drawn towards computers from a very young age ever since I got my first PC in 1998. My passion for technology grew quite exponentially with the times, and it has been an incredible experience from being a much solicited source for tech advice and troubleshooting among family and friends to joining Notebookcheck in 2017 as a professional tech journalist. Now, I am a Lead Editor at Notebookcheck covering news and reviews encompassing a wide gamut of the technology landscape for Indian and global audiences. When I am not hunting for the next big story or taking complex measurements for reviews, you can find me unwinding to a nice read, listening to some soulful music, or trying out a new game.
contact me via: @Geeky_Vaidy
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2017 07 > Google's new Samba client for Android uses the highly vulnerable SMBv1 protocol
Vaidyanathan Subramaniam, 2017-07- 8 (Update: 2017-07- 8)