Information Security Specialist Huertas Ivan (Ivan Huertas) of Core Security Consulting Team was able to discover several vulnerabilities in software Lenovo for Windows and Android. It is about Lenovo SHAREit. One of the most notable issues (CVE-2016-1491) is that Windows Lenovo app works with the same password unchanged.
So, when receiving files from the use of this "air" applications created with password access point 12345678. Thus, for such access point can connect almost any network device.
As for the other vulnerabilities, the CVE-2016-1490, for example, allows an outside person to view files with the HTTP-request sending server that is running Lenovo SHAREit. The application sends the files on the HTTP-report unencrypted.
A vulnerability CVE-2016-1489 allows an attacker to intercept network traffic, viewing the transmitted data. At the same time file transfers can be modified and sent to the victim's computer.
In addition, CVE-2016-1492 vulnerability allows an attacker to use a password unprotected access point, with the interception of data that are sent at a particular time.
Discovered vulnerabilities are relevant to SHAREit for Android 3.0.18_ww and SHAREit for Windows 2.5.1.1. Now the company has corrected the problem so that these vulnerabilities are irrelevant.
With regard ShareIt, then this program is used to transfer files between smartphones, tablets and PCs wirelessly.