Lenovo, the owner of what was IBM’s personal computer business and the current creators of the professional legend “ThinkPad” have been caught up in a storm over the last year with security failures, adding to their portfolio today after researchers over at CoreIT find that its software package entitled SHAREit for both android and windows uses a default, hard coded password of ‘12345678’
February last year Lenovo got into a storm over its ‘superfish’ security vulnerability after they bundled software identified as “malware” (malicious software) on its laptops of the same name. Superfish software was a browser add-on which analysed the images being displayed in a browser and presented identical and/or similar product offers from other retailers. This software is commonly referred to as “pop-ups”.
Since the superfish incident, Lenovo has been plagued by two more issues, both of which reportedly sent metrics about the usage of the machine back to Lenovo.
Lenovo’s SHAREit program works on allowing users to transfer data between devices over a private wifi connection. The hard coded and thus unchangeable password which Lenovo chose ranked 3rd on the list of most common password created by splashdata.
Coupled with this password blunder, the connection which is used to transfer data is unencrypted, making the service extremely vulnerable to man in the middle attacks, where by an attacker could intercept the data and maybe even alter it, injecting malicious code or viruses.
At time of writing, Lenovo had yet to comment.