Lenovo patches problems found in SHAREit app

Lenovo left a static password on some of its computers allowing access to the SHAREit app.
Lenovo left a static password on some of its computers allowing access to the SHAREit app.

Lenovo issued patches to fix four issues found on some ThinkPad and IdeaPad devices using the SHAREit app, including allowing remote system access and unauthorized access of transferred files.

The issues with SHAREit, which were identified by Core Security, include having a static password on the computers that cannot be changed by the user and would allow anyone accessing this password to join a protected, ad hoc hot Wi-Fi hotspot created by the app. Core Security found a similar problem with the Android version of SHAREit where no password was needed to join the hotspot.

Other vulnerabilities allowed traffic between SHAREit users to be intercepted and altered, an attacker within Wi-Fi range could connect into the LAN to view files and the final flaw could cause a denial of service attack crashing SHAREit.

SHAREit version 3.2.0 and above for Windows, and Android version 3.5.38 and above fix the problems.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS