Lenovo’s Shareit app for Android and Windows smartphones have multiple vulnerabilities that researchers have recently discovered. According to Core Security’s Core Lab, they have discovered that the said app can leak information as well as passwords due to the app’s flaws.
Researchers said that they found several vulnerabilities in the Shareit versions for the Android 3.0.18_ww and Windows 22.214.171.124 which could lead to security bypasses, information leak and integrity corruption. The Windows Phone, according to them, is particularly risky because it has hard-coded passwords which can easily be exploited by hackers.
Tech Worm also reported that Core Security has noted that when the app is configured to receive files from devices, it sets up a Wi-Fi hotspot which has the same 12345678 password each time. The updated app, in turn, removes that default password but does so after it has already opened a door to another hole allowing attackers to remotely browse a device’s file system.
The CoreLabs researchers also noted that the app by Lenovo for both the Android and Windows version transferred files in plain text over http which can be sniffed by any hacker easily. The attacker that is able to sniff the network traffic can view the data transferred, or perform man in the middle attacks like modifying the transferred files’ contents.
Core Security also said that the final vulnerability affects only the Android version of the app. When it is configured to receive files, it is done over a Wi-Fi hotspot that is created by the app without any password. The information regarding the vulnerabilities of the Shareit app for both Android and Windows smartphones has been shared to Lenovo.
Meanwhile, Lenovo has updated the app for both the platforms and has announced that users can now download the said fix for their devices.
Shareit is a popular smartphone app for Android and Windows mobile phones and has been developed by Chinese tech company, Lenovo. The app transfers files between PCs and smartphones quickly using Wi-Fi. Currently it has more than 5 million downloads.
For more technology news, you can subscribe to our newsletter. If you are a social media junkie and would like to receive updates on your timeline, then you can also like us on Facebook or follow us on Twitter.