
The SHAREit application was protected by a “12345678” password that was hard-coded.
A software oversee was leaving devices unprotected and personal files at the push of “12345678”, but it seems that now Lenovo fixed the file-transfer security problem and users don’t have to worry about intruders hacking into their phones or tablets.
One of the problems in the security of the file-sharing feature was that it came with a password of “12345678” that was hard-coded. SHAREit could have been accessed from any device that had the application installed and knew the embedded password.
The problem was discovered by Core Security which initiated a dialog with Lenovo late October. It seems that the dialogue was pretty lengthy since the problem was solved in January.
The SHAREit feature from the Lenovo devices allows users to share their files with an Android device or a Windows computer over a LAN that is local or through an impromptu Wi-Fi hotspot.
The app is preloaded on all Lenovo devices, including its new notebooks, IdeaPad and ThinkPad and other devices capable of storing information.
According to Core Security, the affected versions of SHAREit were those on devices that worked with the Windows 2.5.1.1. and Android 3.0.18_ww packages.
On the devices that operated with Windows, the SHAREit was protected by a password that was hard-coded. This allowed anyone that was within the range of the device to connect and see or copy files from the device. The unchangeable password was “12345678”.
Additional problems were found by Core Security. It seems that the flaws in security would have allowed the attacker to see the names of files that were accessible to the person using the SHAREit app.
Another proof of faulty security management was the fact that neither of the versions, Windows or Android operated, were using any kind of file encryption in the moment of the transfer. This made the transferred data sensible to any third party within range of the devices.
The SHAREit application from the devices that worked with Android was even more exposed since it didn’t even require a password. According to Core Security, any individual with a compatible device within range could have accessed the information.
But now Lenovo fixed the faulty file-transfer security problem and users are prompted to set a password when the application is opened.
These changes happen in the new “secure mode”. When using it, Lenovo owners will also be able to transfer data that is encrypted with an AES 256-bit type of encryption.
In order to have access to all these changes, users have to select the “secure mode” of operation.
Image source: www.flickr.com