Samba is a pretty useful networking protocol, but earlier versions of it were known to be extremely vulnerable to certain attacks.
Remember WannaCry, the ransomware that broke pretty much everything in May? And NotPetya, which reared its nasty head last week, causing particular devastation to machines in the Ukraine? Both took advantage of flaws in SMBv1 to propagate and infect computers.
Anyway, Google just released a SAMBA client for Android, and it only supports SMBv1 shares.
Literally, only SMBv1 shares. Android Police’s Corbin Davenport tested the app with a Samba share running the more modern and secure SMBv2 protocol, and found that it wouldn’t even connect.
For context, this is the equivalent of Boeing building a hydrogen-fueled version of the 747 immediately after the explosion of the Hindenburg. Or Ford responding to drunk driving statistics by making a version of Ford Fiesta that only works when you’re completely shitfaced.
Yes, it’s a pretty weak analogy, but you get the idea.
Given Google’s considerable resources, and the current momentum away from SMBv1, it’s pretty staggering that they’d release something so problematic from a security perspective.
But they have, and here we are. SMH Google.