Lenovo uses most common password in the world “12345678”
It is amazing and baffling how companies of the stature of
Lenovo keep goofing up on the basics with total disregard for the security of their users from attacks. These mistakes, provided they are not deliberate leave
the devices of the users suscep tible to the attacks that can be eexploited by
the hackers who can then wreak havoc by exploiting these vulnerabilities.
In the lasted of these “shocking” instances, ShareIT, the
file sharing app of Lenovo that allows transferring of files between devices
that have this app installed and supports Windows and Android operating systems
has been found by Core Security, a computer and network security specialist to
either have a very simple password or no password!
Lenovo ShareIT for Windows has a hardwired password “12345678”
and for Android there is no password. ShareIt is a simple and yet efficient
tool that allows creating a Wi Fi hotspot for transferring files between
devices. However, the absence of any secure password or a complete absence of
such passwords mars the competence of such an app as an effective method of
file transfer.
What is even more disappointing is the fact that the files,
while being transferred are not encrypted. It allows the hackers who are on the
network to make copy of the files through the method of traffic sniffing while the
files are being transferred. There is another issue with the app. If a person
is logged onto the Windows version of the app, that person can merely view the
files but not download or copy it. The versions that are affected are ShareIT for Windows and 3.0.18_ww for Android. The bugs have been named
CVE-2016-1489, CVE-2016-1490, CVE-2016-1491 and CVE-2016-1492.


The security threat posed by the lack of a strong password
shows that even major companies like Lenovo are lax with their security measures
even when there are news every day of several major instances of hacking and
cyber attacks. Consumers of these devices pay a premium for the security measures
such as installation of firewalls and anti virus applications and yet there are
such vulnerabilities as the lack of a decent password in an application like
ShareIT. It remains to be seen how and when Lenovo takes a stock of this issue
and releases a patch.