Lenovo fixes basic flaws in one of its bundled apps
Android and Windows devices had obvious exploits baked into their pre-loaded software.
Lenovo's software security headaches aren't quite over yet, it seems. The PC maker has fixed an a slew of glaring flaws in a file-sharing app, ShareIt, that comes bundled with both its Android and Windows devices (including IdeaPads and ThinkPads). How glaring? For a start, the Windows version had an extremely obvious password ("12345678") hard-coded into the software -- anyone on the same WiFi network could connect just by guessing, and you couldn't even change that password if you knew the problem existed. ShareIt on both platforms also sent files without encryption, and the Android version would default to creating a password-free WiFi hotspot when you chose to receive files.
The updated apps are available now, and they both offer a "secure mode" that both invokes encryption and requires a password when you're sharing your files. However, the concern is that this an optional mode, not mandatory -- many people may skip the setting without realizing what they're putting at risk. Although Lenovo tackled the biggest issue, its implementation might not go far as it should.