Just over two weeks ago, Google released a Samba client for Android out of the blue and without much fuss, bringing users the ability to mount Windows shares and conveniently move files. Unfortunately, it wasn"t quite an ideal solution due to the perplexingly exclusive support for SMBv1.
The SMBv1 protocol is vulnerable to exploits discovered by the NSA and released by The Shadow Brokers earlier this year; the WannaCry ransomware abused the protocol to propagate through networks in over seventy countries a few months ago and was followed by the Petya/NotPetya ransomware – using the same exploit – soon after.
Today, Google has released an update for the Samba client, disabling support for SMBv1 by default and enabling support for SMBv2 and SMBv3 protocols.
The SMBv2 and SMBv3 versions of the protocol offer a few extra security features and do not share the same vulnerabilities as SMBv1.
Since the client is open-source, we can see that the change, in fact, happened more than a week ago, and was brought upon due to an “urge from users” – it just took Google this long to push an update for the app on the Play Store.
However, it seems Google still has some work to do; of the 154 total reviews on the Play Store, the Samba client has received 60 one-star reviews, with only 45 five-star reviews, giving it a score of a mere 2.8. The most common complaint seems to be about a clunky interface, limited features, and the inability to unmount a share.
The client may not be very feature-rich, but with the fatal vulnerability fixed, it is at least more secure.