While Microsoft seems to be struggling to keep the doors to the ransomware open through the house’s products, Google may be opening doors for threats like WannaCry and Petya to come with even more force to users and Companies around the world.
Calm down, this is not an evil plan of the Giant of the Searches, but of problems with an old and really outdated protocol of the Internet.
Basically, what happens to malicious data-hijacking software is successful in its attack is that SMB1 has many clear and familiar gaps. This version of the network protocol dates back more than two decades allows malware to spread laterally in a connected environment.
The result of this? Threats can spread silently between one computer and another on the same network, without users having to act carelessly or opening suspicious files.
To cut the evil at the root and drastically reduce this form of contagion, Microsoft announced a few weeks ago that will remove the file sharing of SMB1 from future versions of Windows.
This attitude continues a work the company has been doing since 2014, with actions to discourage the use of the protocol to the detriment of newer and more secure versions, such as SMB2.
The problem is that Google can derail this move in the right direction with the recent launch of its SMB client for Android devices.
The Android Samba Client is very complete and talks flawlessly with servers of this type, but it has a vulnerability that can go unnoticed by more lazy eyes: its default mode of communication is the considerably insecure SMB1.
It can make smaller companies and unstructured network administrators end up keeping the old protocol active on their servers just to make sure everything works properly – a decision that puts the whole network at risk of attack and intrusion, especially from ransomware.
The expectation is that if Google really does not want to undermine Microsoft’s efforts, future app updates discourage use of SMB1 or at least bring SMB2 as the default protocol. After all, nobody wants to facilitate the spread of evil like WannaCry and Petya.