Researchers found Vulnerabilities in “SHAREit” Application!

SHAREit is an application designed by “Lenovo”, using which users can share files and folders over a WiFi network between two smartphones and PCs.It is freely available for Windows and Android smartphones. Researchers of Core Security found several vulnerabilities in this applications,which were related to hard-coded password presence in this application. This hard-coded password controls the sharing process of files between the two devices. These security issues has been fixed by Lenovo now. These vulnerabilties were found in SHAREit's version “3.0.18” for Android and “2.5.1.1” for Windows.

Core Security said,” Lenovo gave a SHAREit named useful application to smartphone users, using which users can share files and folders over a WiFi network very easily. SHAREit creates a network bridge between two smartphones and PCs, during file sharing process. This application is freely available on the App Store of Android and Windows. Our researchers have found several security issues in this application and criminals can exploit these flaws for security byepass and information leak process.”

In SHAREit's Windows version “2.5.1.1” researchers found a vulnerability (CVE-2016-1491), which is related to hard-coded password. Researchers said that when user will exchange files between two devices SHAREit will setup a WiFi hotspot every time. SHAREit uses a very simple password “12345678” to setup this hotspot everytime. It is a very simple password, which could be found by hackers within few seconds.

Another Vulnerability (CVE-2016-1490) has been found by researchers. Lenovo released a security update for its default password “12345678” which is not a proper solution. It allows the hackers to gain the remote access of any device, which is using SHAREit. Due to this flaw hackers can browse the files of any device, when it is connected to WiFi with default password. By sending a HTTP request to server of SHAREit, hacker can browse files but it will not be possible for the hacker to download that files.

The team of Core Security researchers have found many other security issues, which is related to plain text file transfer in both Android and Windows version of SHAREit. Lenovo is still working on these SHAREit security issues. For more details check security reports of Core Security Corelabs.

Source: securityaffairs

Stay connected to your important Windows Applications and software using a cloud desktop by CloudDesktopOnline.com- one of the best DaaS providers . Get excellent support from Apps4Rent.com