The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Lenovo patches several software flaws in file-sharing utility

2016-01-28 03:07 by
Tags: ,

 

Lenovo has issued patches to fix four vulnerabilities in its ShareIT application. The app is available for Android, Microsoft Windows, Windows Phone and iOS and allows Lenovo users to share files and folders across different devices, without the need for USB sticks or email attachments.

The issues were identified by Core Security. Among them is a static password on the computers that cannot be changed by the user and would allow anyone who knows this password to join a protected, ad hoc Wi-Fi hotspot created by the app. What's worse here, is the password itself: 12345678.

A similar problem with the Android version of SHAREit was also found - no password was needed to join the hotspot. It turned out that due to other vulnerabilities, traffic between SHAREit users can be intercepted and altered. Another flaw could cause a denial of service attack crashing SHAREit.

"When Lenovo ShareIT for Windows is configured to receive files, a WiFi hotspot is set with an easy password (12345678). Any system with a WiFi network card could connect to that hotspot by using that password. The password is always the same," said Core Security.

"The files are transferred via HTTP without encryption. An attacker that is able to sniff the network traffic could view the data transferred or perform man-in-the-middle attacks, for example by modifying the content of the transferred files. When the application is configured to receive files, an open WiFi hotspot is created without any password. An attacker could connect to that hotspot and capture the information transferred between those devices."

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About