You would think that hardware companies would know better when it comes to password. Well, that isn’t the case when it comes to Lenovo as Core Security has discovered that the Lenovo’s SHAREit app is hardcoded with a password that anyone could guess without breaking a sweat.
So what is that password? It’s ‘12345678’. According to the report published by Core Security, ‘when Lenovo SHAREit for Windows is configured to receive files, a Wifi Hotspot is set with an easy password (12345678). Any system with a Wifi Network card could connect to that Hotspot by using that password. The password is always the same.’
That’s not the only fault that Core Security discovered with SHAREit. Other glaring faults in Lenovo’s filesharing app includes the fact that files are transfered via HTTP without encryption, allowing anyone that is capable of sniffing network traffic to intercept them without much problems. The SHAREit app is equally lacking in security on the Android version as when the application is configured to receive files, an open Wifi Hotspot is created without any password, thus allowing an attacker to connect to said Hotspot and capture information transferred between devices.
If you are currently using the SHAREit app, make sure that you’ve updated the app as Lenovo has since patched this particular oversight.
Source : The Inquirer, Core Security