Lenovo patches problems found in SHAREit app
Lenovo left a static password on some of its computers allowing access to the SHAREit app.
The issues with SHAREit, which were identified by Core Security, include having a static password on the computers that cannot be changed by the user and would allow anyone accessing this password to join a protected, ad hoc hot Wi-Fi hotspot created by the app. Core Security found a similar problem with the Android version of SHAREit where no password was needed to join the hotspot.
Other vulnerabilities allowed traffic between SHAREit users to be intercepted and altered, an attacker within Wi-Fi range could connect into the LAN to view files and the final flaw could cause a denial of service attack crashing SHAREit.
SHAREit version 3.2.0 and above for Windows, and Android version 3.5.38 and above fix the problems.