Google's new Samba client for Android uses the highly vulnerable SMBv1 protocol

The new Samba client for Andriod doesn't use updated SMB protocols. (Source: Android Police)
The new Samba client for Andriod doesn't use updated SMB protocols. (Source: Android Police)
The SMBv1 protocol was the entry route for the recent ransomware attacks, and it comes as a surprise that Google is still developing an app based on this protocol — even after it has been deprecated, putting end users at risk.

A new Samba client app released by Google for Android devices seems to inherently suffer from a major security vulnerability. Apparently, the app supports only the SMBv1 protocol which was the main route through which ransomware such as WannaCry and the more recent NotPetya propagated. The protocol has been officially deprecated by Microsoft, with the firm confirming that the upcoming Windows 10 Fall Creators Update or RS3 will not feature native support for SMBv1. The more secure SMBv2 and SMBv3 will continue to be supported, however.

Samba is essentially an open-source implementation of the SMB/CIFS networking protocol. It allows Unix workstations to access Windows shares over the network and allows for seamless file transfer and printer access between Unix and Windows systems. Android Police has confirmed that Google's Samba client does not work when SMBv1 is disabled. Ned Pyle who owns the SMB protocol family at Microsoft has chimed in to assert that SMBv1 on Linux is also not completely immune from MitM (Man-in-the-Middle) attacks and all users should start using SMBv2 at the bare minimum.

It is surprising to see that Google, which is usually proactive in pointing out security inadequacies in competitor products, is still developing apps that rely on deprecated and vulnerable protocols. Hopefully, the app will be updated to use more secure protocols and it is recommended that users stop using and disable any implementation of SMBv1 in the interest of security.



Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! Especially English native speakers welcome!

Currently wanted: 
News and Editorial Editor - Details here


Read all 1 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2017 07 > Google's new Samba client for Android uses the highly vulnerable SMBv1 protocol
Vaidyanathan Subramaniam, 2017-07- 8 (Update: 2017-07- 8)
Vaidyanathan Subramaniam
Vaidyanathan Subramaniam - News Editor
I am a cell and molecular biologist and computers have been an integral part of my life ever since I laid my hands on my first PC which was based on an Intel Celeron 266 MHz processor, 16 MB RAM and a modest 2 GB hard disk. Since then, I’ve seen my passion for technology evolve with the times. From traditional floppy based storage and running DOS commands for every other task, to the connected cloud and shared social experiences we take for granted today, I consider myself fortunate to have witnessed a sea change in the technology landscape. I honestly feel that the best is yet to come, when things like AI and cloud computing mature further. When I am not out finding the next big cure for cancer, I read and write about a lot of technology related stuff or go about ripping and re-assembling PCs and laptops.