Shape the future of File Sharing: SHAREit!

Since ThinkPads are supposed (yet ?) to be used in corporate environment or worikng with sensitive data "using cables" is still much more safe and faster. Also remember that any open incoming network port affects security. The more "easy" the sharing is, the less secure is.

---

rstraub wrote:
SHAREit, in both the PC and Android versions offers a Secure Mode, that requires a password to be entered

---

Lenovo used third 'worst password' in file-sharing backdoor flaw

http://www.zdnet.com/article/lenovo-used-third-worst-password-in-file-sharing-backdoor-flaw/

"When Lenovo ShareIt for Windows is configured to receive files, a Wi-Fi HotSpot is set with an easy password (12345678). Any system with a Wi-Fi Network card could connect to that Hotspot by using that password. The password is always the same."

Once a Wi-Fi network is active and connected using the default 12345678 password, files can be browsed through but not downloaded via a simple HTTP request, granting attackers the option to wander through data at will

The third flaw, CVE-2016-1489, reveals that files transferred between Windows and Android machines are shifted in plain text and lack any form of encryption.

Finally, the fourth bug, CVE-2016-1492, was found in ShareIT's file transfer system. Users can open Wi-Fi HotSpots without any password, and so an attacker could connect to that HotSpot and capture the information transferred between Windows and Android devices.

These are not typical vulnerabilities, it is just complete ignorance of basic security principles regardless of whether the issues are currently fixed or not  How could you ever release such vulnerable by design application ? Even worse, it probably comes preinstalled in ThinkPads by default.

This is typical result of "androidized" approach to the security (= no security).

No immediate action ? The vulnerable software is still available for download.