One of the major electronic manufacturers is Lenovo and it has been a hard days for Lenovo as they were charged for #Superfish Malware, #Installing Rootkits, #Website Hacked and then #Pre-installed Spyware. Now it is a flaw in its product.
#Shareit - One of the famous application that has been used by millions for file transfer and also to share other media at very fast rate. Shareit protects users data with password and there has been major three flaws released with this product.
1. Man in the Middle Attack
2. Security Protocol Bypass
3. Poor Cryptographic storage.
Man in the Middle attack is possible in which any one can sniff the packet that are being transferred between users and the attacker can also change the traffic that is being transmitted.
Security Protocol Bypass is one such in which using the application any user can create a Wi-Fi hotspot to send files and that hotspot is not secured with password and thus anyone can connect to that open Wi-Fi and can sniff the traffic.
The next flaw is one of the mass in which the security key used to secure the user data is none other than "12345678" which is a hard coded value in the source code itself. The key that are using "12345678" is the Third Worst password of 2015 as per password management company.
The flaws has been patched and the new version has been rolled out for both Android and Windows users are advised to update the application to avoid any data loss.
P.S: The post is to create awareness and not to create any negative impact.
No comments:
Post a Comment