

The updated app removes that default password, but not before it opened the door to another hole that could allow attackers to remotely browse a device’s file system. Core Security said that when the app is configured to receive files from devices, it sets up a Wi-Fi hotspot with the same 12345678 password every time. The most pressing issue is the hard-coded password in the Windows version of the app.

“Lenovo SHAREit for Windows and Android are prone to multiple vulnerabilities which could result in integrity corruption, information leak and security bypasses,” Core Security wrote in its advisory published today. Lenovo SHAREit for Android 3.0.18_ww and Lenovo SHAREit for Windows 2.5.1.1 are vulnerable, the researchers said. The app allows users to share files over Wi-Fi between PCs and mobile devices. The flaws were found in the Lenovo SHAREit application for Android and Windows by researchers at Core Security’s CoreLabs.

Lenovo today patched a number of vulnerabilities that jeopardize private data and that are largely enabled by a simple hard-coded password in a freely available file-sharing application.
