Skip to main content
  1. Home
  2. Computing
  3. Mobile
  4. News

Lenovo protected its file sharing app with “12345678” password

Add as a preferred source on Google

A security researcher has discovered a number of vulnerabilities in Lenovo’s SHAREit app, the worst being the use of “12345678” as a hard-coded, default password. The problems have been patched in the software’s latest release.

SHAREit is an app found on many of Lenovo’s products to allow users to share files across devices. Some ThinkPad, and IdeaPad computers, along with Lenovo smartphones, were impacted by the bug.

Recommended Videos

Core Security found four vulnerabilities in the app but the password issues stick out the most. In one of its advisories, Core Security found that when the app is receiving files, it sets a password (in this case “12345678”) on a Wi-Fi hotspot. This meant someone could access the hotspot by guessing the password, which always stayed the same, according to Core.

“This is an example of an external hard-coded password on the client-side of a connection. This code will run successfully, but anyone who has access to it will have access to the password,” the advisory said. The vulnerability is particularly dangerous considering how weak and simple the password is.

In another SHAREit bug, Core found that users can open a Wi-Fi hotspot without a password and potentially intercept files transfers from Windows to Android devices. The other two vulnerabilities showed ways in which an malicious actor could browse through your files or carry out man in the middle attacks, intercepting files between devices.

“The files are transfered via HTTP without encryption,” wrote Core’s researchers in their report. “An attacker that is able to sniff the network traffic could to view the data transferred or perform man in the middle attacks, for example by modifying the content of the transferred files.”

Ivan Huertas of Core Security first discovered the vulnerabilities last October and disclosed them to Lenovo privately before going public. Lenovo has since patched the vulnerabilities with details on its support page and provided information on updates.

“Following industry best practice, Lenovo has made available updated versions of SHAREit which fix and eliminate these vulnerabilities in advance of this disclosure,” said a spokesperson for the company. “Users can resolve the vulnerability from their devices by updating to the latest version of SHAREit.”

If you think you may have been affected, you will find these updates versions available on Lenovo’s website, or the Google Play Store, in the case of the Android app.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Parents worry AI is becoming a crutch for their kids while schools struggle to keep up, survey finds
Only 1 in 3 schools has AI guidelines as nearly 50% parents grow anxious about kids leaning on AI too much.
a boy using iPhone

Kids are using AI for their homework, and half of their parents are not sure that's a good thing. Deloitte's 2026 Back-to-School Survey, which polled 1,207 parents of K-12 students, found that 49% worry their child relies on AI too much.

The findings suggest AI adoption is moving far faster than the policies meant to guide it, leaving many parents unsure how these tools are being used in education.

Read more
Samsung wants to put its own chip in your next PC and it’s all about speeding up AI chores
Samsung Custom Chip

Samsung may be plotting a new entry into the PC chip business. A new report from the Korea Economic Daily says Samsung’s System LSI division is developing a dedicated AI accelerator for PCs called Gaia. The company has reportedly supplied early samples to Lenovo and HP for performance testing, with mass production potentially beginning as early as 2027.

Prominent Samsung leaker Ice Universe described the project as the company’s return to the PC processor market after roughly 13 years. However, the details point toward something slightly different from a traditional laptop processor. Gaia might be a specialized companion chip designed to handle artificial intelligence workloads rather than a complete replacement for an Intel, AMD, or Qualcomm CPU.

Read more
AI image generators have escaped nightmare fingers and entered the fake premium era
Meta Muse, Gemini, and ChatGPT can now make clean, usable images. They also keep making reality look like a product render with feelings.
Terminal, Railway, Train

I expected this comparison to be uglier. Meta Muse, Gemini Nano Banana 2, and ChatGPT Images 2.0 sounded like a perfect setup for plastic faces, mangled hands, fake products, and posters written in haunted alphabet soup. Instead, they were mostly competent, which somehow made the whole thing more suspicious.

These aren’t identical tools wearing different logos. Meta pitches Muse Image as a social image model living inside Meta AI and its apps. Google frames Nano Banana 2 around speed, editing, and Gemini’s broader knowledge. OpenAI sells ChatGPT Images 2.0 on text rendering, visual control, and stronger prompt handling. Different ambitions, same polished little showroom.

Read more