Lenovo protected its file sharing app with “12345678” password

lenovo android yoga laptop tablet store storefront sign hq headquaters
A security researcher has discovered a number of vulnerabilities in Lenovo’s SHAREit app, the worst being the use of “12345678” as a hard-coded, default password. The problems have been patched in the software’s latest release.

SHAREit is an app found on many of Lenovo’s products to allow users to share files across devices. Some ThinkPad, and IdeaPad computers, along with Lenovo smartphones, were impacted by the bug.

Core Security found four vulnerabilities in the app but the password issues stick out the most. In one of its advisories, Core Security found that when the app is receiving files, it sets a password (in this case “12345678”) on a Wi-Fi hotspot. This meant someone could access the hotspot by guessing the password, which always stayed the same, according to Core.

“This is an example of an external hard-coded password on the client-side of a connection. This code will run successfully, but anyone who has access to it will have access to the password,” the advisory said. The vulnerability is particularly dangerous considering how weak and simple the password is.

In another SHAREit bug, Core found that users can open a Wi-Fi hotspot without a password and potentially intercept files transfers from Windows to Android devices. The other two vulnerabilities showed ways in which an malicious actor could browse through your files or carry out man in the middle attacks, intercepting files between devices.

“The files are transfered via HTTP without encryption,” wrote Core’s researchers in their report. “An attacker that is able to sniff the network traffic could to view the data transferred or perform man in the middle attacks, for example by modifying the content of the transferred files.”

Ivan Huertas of Core Security first discovered the vulnerabilities last October and disclosed them to Lenovo privately before going public. Lenovo has since patched the vulnerabilities with details on its support page and provided information on updates.

“Following industry best practice, Lenovo has made available updated versions of SHAREit which fix and eliminate these vulnerabilities in advance of this disclosure,” said a spokesperson for the company. “Users can resolve the vulnerability from their devices by updating to the latest version of SHAREit.”

If you think you may have been affected, you will find these updates versions available on Lenovo’s website, or the Google Play Store, in the case of the Android app.

Product Review

Now that every speaker has Alexa, don't you want the best? Get the Sonos One

To compete in the smart speaker space, Sonos could have just made a better-sounding Alexa speaker. But the company has a reputation to uphold, and went much further. Our Sonos One Review reveals how Sonos does Alexa better than Amazon.
Gaming

Transform into the ultimate leader with our tips and tricks for Civilization 6

Civilization VI offers both series veterans and total newcomers a lot to chew on from the get-go. Here are some essential starting tips to help you master the game's many intricacies.
Smart Home

From the kitchen to the bedroom, here are the best Alexa tips and tricks

Amazon's voice assistant Alexa has plenty of neat skills. So many, in fact, it seems like new ones appear every day. We've rounded up the top Echo tips and tricks to help you get the most out of your virtual assistant.
Deals

The best iRobot Roomba deals to make cleaning your home a breeze

Keep your home clean without lifting a finger using a robot vacuum cleaner. These nine iRobot Roomba deals not only help you keep your home tidy, but many also come with advanced features such as automatic scheduling and Wi-Fi connectivity.
Computing

AMD Ryzen CPU prices get slashed ahead of Ryzen 3000 release

AMD's Ryzen CPUs have had their prices slashed as we edge towards the release of their third generation. Whether you're a gamer or someone who needs multi-threaded performance, there's a deal for everyone with some heavy discounts to take…
Computing

The number pad on HP’s Chromebook 15 makes spreadsheet work a breeze

HP's Chromebook 15 comes with a 15.6-inch display, a metal keyboard deck with full-size keys, and a dedicated number pad, making it the second Chromebook model, following Acer's Chromebook 715, to be suited for spreadsheet work.
Computing

AMD’s 2020 Ryzen CPUs could have a big boost in power efficiency

The sequel to AMD's Zen 2-based Ryzen 3000 CPUs is slated for a 2020 release and when it arrives, could leverage the new Zen 3 architecture to deliver impressive gains to performance and power efficiency.
Computing

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.
Computing

Gaming on a laptop has never been better. These are your best options

Gaming desktops are powerful, but they tie you down to your desk. For those of us who prefer a more mobile experience, here are the best gaming laptops on the market, ranging from budget machines to maxed-out, wallet-emptying PCs.
Computing

Here's how you can download the best free music players for your Mac

Tired of your Mac's default music player? Take a look at our picks for the best free music players available for your Apple rig. Whether you're a casual listener or an audiophile, you're sure to find something that fits your needs here.
Computing

Want to make calls across the internet for less? Try these great VOIP services

Voice over IP services are getting more and more popular, but there are still a few that stand above the pack. In this guide, we'll give you a few options for the best VOIP services for home and business users.
Computing

The iPhone’s Screen Time and Siri Shortcuts could land on Macs this year

For its desktop computers, it appears that Apple may continue to draw from the iPhone for inspiration. iOS 12 features, like Screen Time and Siri Shortcuts, are believed to be making their way to MacOS this year at WWDC in June.
Computing

Dell slashes prices of XPS 13 and Alienware 17 laptops in latest promo

Dell's latest promotion will score you big savings on the XPS 13 or the Alienware 17. The stylish XPS 13's discount is for $430, and only the rose gold model is on sale, while gamers who choose the Alienware 17 will save $860.
Computing

Lenovo’s Yoga C930 sale drops a $650 discount on its 2TB SSD laptop

Lenovo is offering one of its 2-in-1 laptops at a $650 discount. This Lenovo Yoga C930 laptop comes with a 2TB solid-state drive, a digital pen, a fingerprint reader, and a Dolby Atmos sound bar.