Shortly thereafter, the company promised a cleaner and safer PC experience, but that didn’t prevent the discovery of a rootkit-like utility in August and two privilege escalation vulnerabilities a few months later.
Lenovo had a tough year when it came to the security of its products.Ībout a year ago, news first broke of Superfish, the man-in-the-middle adware that affected all PCs produced by the Chinese computer technology company. It is in the interest of SHAREit users to implement those fixes as soon as possible.
#Lenovo shareit android#
Three months later, patches for both Android (available from the Google Play Store) and for Windows phone (available here) have now been released.
#Lenovo shareit password#
“When the Wi-Fi network is on and connected with the default password (12345678), the files can be browsed but not downloaded by performing an HTTP Request to the WebServer launched by Lenovo SHAREit.”įinally, both Windows and Android are susceptible to the fourth bug (CVE-2016-1489), which involves the transfer of files via HTTP without encryption, thereby allowing an attacker to perform man-in-the-middle (MitM) attacks in order to change the content of a file in transit.Ĭore Security originally sent a notification to Lenovo back in October of last year. The third vulnerability (CVE-2016-1490) discovered by CoreLabs builds upon the insecure Windows password issue discussed above:
To be sure, it doesn’t say much when Lenovo could have mitigated two separate vulnerabilities by adhering to the most basic principles of password security.īut moving right along. In the second vulnerability (CVE-2016-1492), which applied only to SHAREit for Android, there is no password set up to protect the Wi-Fi hotspot when the app is configured to receive files. Then again, I suppose the issue could be worse. What is surprising is the fact that Lenovo would incorporate such an insecure password into its application - and one that does not change, no less! Not surprisingly, this password just recently earned a top spot on the latest list of worst passwords you could possibly choose. CoreLabs discovered that whenever SHAREit for Windows is configured to receive files, this process creates a Wi-Fi hotspot that is ‘protected’ by the password “12345678”.
The first vulnerability (CVE-2016-1491) is perhaps the most infuriating.
0 kommentar(er)
