This week, news circulated of a new application for Google's mobile platform that allows remote access to the files on our PC through the SMB/CIFS protocol, whose best-known implementation is Samba.
This tool has a problem: at launch only the SMBv1 protocol was available, and this first version is known to have been exploited by the WannaCrypt and NotPetya ransomware. Fixes already appear to be under discussion in the tool's code, which is available on GitHub, but for the moment it may not be a good idea to use it.
Beware of SMB1
Ned Pyle, a developer at Microsoft, explained on AndroidPolice that this tool makes use of SMB1 client code that “does not provide enough protection for MitM (Man in the Middle) attacks unless it is carefully configured with UNC hardening.” In fact, he recommended: “do not use any SMB client from any vendor that only supports SMB1”. He has already explained the problems of that old version in depth in an article on Microsoft TechNet.
The source code of the application is available on GitHub as part of Google's repository, which seems to show that the tool really does come from its developers, and that code explains that the application is built on Samba 4.5.1.
Alarms also seem to have gone off among those who have analyzed these features: there is already at least one request that SMB2 be used in the default configuration instead of SMB1, and that commit has already been applied to the tool, although the version available on Google Play is still 1.0, from this past 5 July.
For now it seems prudent, unless you need the tool for a specific SMB1 use case and know the risks you are exposing yourself to, to wait for the utility to be updated to use SMB2 by default, something that would strengthen the security of this application.
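For administrators who want to know whether SMB1-only clients like the one described above are connecting to their file servers, here is an added example (not code from the tool or from this article) that classifies the first client message of an SMB session on TCP/445. The function names are hypothetical and the sample messages are constructed; the dialect strings are the standard ones SMB clients send during negotiation.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_HEADER_LEN = 32
SMB_COM_NEGOTIATE = 0x72

def smb1_dialects(msg):
    """Return the dialect strings offered in an SMB1 NEGOTIATE request."""
    if len(msg) < SMB1_HEADER_LEN + 3 or msg[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 NEGOTIATE request")
    if msg[SMB1_HEADER_LEN] != 0:  # WordCount is 0 in a NEGOTIATE request
        raise ValueError("unexpected parameter words")
    pos = SMB1_HEADER_LEN + 1
    (byte_count,) = struct.unpack_from("<H", msg, pos)
    data = msg[pos + 2 : pos + 2 + byte_count]
    if len(data) != byte_count:
        raise ValueError("truncated dialect list")
    # Each entry is 0x02 (buffer format "dialect") + NUL-terminated ASCII.
    return [e[1:].decode("ascii", "replace")
            for e in data.split(b"\x00") if e[:1] == b"\x02"]

def classify_first_message(payload):
    """Classify a client's first TCP/445 payload (4-byte length prefix included)."""
    if len(payload) < 8 or payload[0] != 0:
        return "not-smb"
    msg = payload[4:]
    if msg.startswith(SMB2_MAGIC):
        return "smb2-or-later"
    if not msg.startswith(SMB1_MAGIC):
        return "not-smb"
    try:
        offered = smb1_dialects(msg)
    except ValueError:
        return "malformed"
    # Clients that can speak SMB2 advertise it inside the SMB1 negotiate.
    if any(d.startswith("SMB 2.") for d in offered):
        return "multi-protocol"
    return "smb1-only"

def constructed_negotiate(dialects):
    """Build a sample SMB1 NEGOTIATE request (constructed test data)."""
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    msg = (SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + bytes(27)
           + b"\x00" + struct.pack("<H", len(body)) + body)
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

if __name__ == "__main__":
    print(classify_first_message(constructed_negotiate(["NT LM 0.12"])))
```

A client reported as `smb1-only` offers no SMB2 dialect at all, so it will fall back to SMB1 whenever the server still accepts it.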