Lenovo's SHAREit found to have "12345678" hard-coded as its Wi-Fi hotspot password


By Alexljackson

"SHAREit", provided by Lenovo, is a tool that transfers files over Wi-Fi between devices running iOS, Android, Windows Phone, Windows and Mac. It has turned out that the password of the Wi-Fi hotspot set up during a SHAREit file transfer was hard-coded as "12345678", a representative example of a dangerous password string.

Lenovo ShareIT for Windows Multiple Vulnerabilities
http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities

Lenovo protects your backdoor security with a really, really bad password - The Inquirer
http://www.theinquirer.net/inquirer/news/2443276/wtf-lenovo-protects-your-backdoor-security-with-a-really-really-really-bad-password


SHAREit software and apps are provided for each OS, but the one in which the Wi-Fi hotspot password is hard-coded as "12345678" is "SHAREit for Windows". This password is an easy-to-guess string that ranks third in the "top 25 most commonly used dangerous passwords" list. It is slightly better than "password" in 2nd place, and 1st place is "123456", but that does not change the fact that it is a dangerous string that is easy to guess.


SHAREit has a function that builds a dedicated Wi-Fi hotspot when two devices on the same Wi-Fi network are connected by ad hoc communication. The connection between the devices is made automatically without entering a password, but with any device capable of wireless connection, anyone can connect to SHAREit's Wi-Fi hotspot by entering "12345678".

According to Core Security, which reported this vulnerability, files transferred by SHAREit are sent over unencrypted HTTP, so it is said that a man-in-the-middle attack is possible, for example by viewing the transferred data in network traffic and altering it. Lenovo PCs have previously shipped with adware called "Superfish" installed, for which an official removal tool was later provided, and Lenovo is being asked for an official statement on this issue as well.

in Mobile, Software, Security, Posted by darkhorse_log