Vulnerabilities were identified on the Windows and Android versions of the SHAREit application that may allow remote browsing of a file system and unauthorized access of transferred files by an attacker
SHAREit for Windows and Android is an application that may be preloaded on some Think, IdeaPad or Lenovo notebook computers or Lenovo mobile devices or downloaded onto non-Lenovo Windows or Android devices that lets users share specified files and folders between smartphones, tablets and personal computers.
To do this, SHAREit either creates an ad hoc Wi-Fi hotspot on the sender’s system or allows SHAREit users to connect over a local LAN. The sender picks files or folders to send to a specific SHAREit user. That user is then able to download the specified files.
A vulnerability was identified on the Windows version of SHAREit that allows an attacker to join a protected ad hoc Wi-Fi hotspot created by SHAREit by providing a static password that is not able to be changed by the user. A similar vulnerability was identified on the Android version of SHAREit where no password was required to join the ad hoc Wi-Fi hotspot.
A second vulnerability on both Windows and Android versions could allow an attacker who is actively intercepting traffic between two users transferring a file to copy or modify content being transferred when the file transfer is occurring.
Windows SHAREit version 3.2.0 and later and Android SHAREit version 3.5.38_ww and later include a new “secure mode” option that resolves the first vulnerability by allowing users to configure a unique password to share files between users, which will prevent unauthorized users from connecting to the SHAREit hotspot. This mode also fixes the second vulnerability by encrypting the file transfer using AES-256 (using the unique password as a pre-shared key) on a PC to PC LAN transfer and through a hotspot WPA connection on transfers involving the Android version.
Third and fourth vulnerabilities were identified only on SHAREit for Windows. The third vulnerability could allow an attacker who is within physical Wi-Fi range or connected on the same local LAN to remotely view names of files in the file system that are accessible to the user running SHAREit, subject to normal Windows file access permission restrictions. The fourth vulnerability could cause a denial of service attack and crash the Windows SHAREit client. These vulnerabilities do not allow an attacker to download or otherwise access the visible files. These vulnerabilities are fixed in all modes of SHAREit for Windows version 3.2.0 and later.
Mitigation Strategy for Customers (what you should do to protect yourself):
The following two steps will address all disclosed vulnerabilities.
1. Update to the latest version of the software following the instructions below (version 3.2.0 and above for Windows, and version 3.5.38_ww and above for Android).
2. Ensure you are using “secure mode” by following the instructions below.
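For administrators checking a fleet rather than a single machine, the version gate in step 1 is easy to get wrong because the Android build carries a non-numeric suffix (3.5.38_ww) and Windows builds may report fewer version components than the fixed release. The following Python helper is an added example, not Lenovo's tooling or anything from the advisory: it takes the minimum fixed versions stated above, compares an installed version string against them numerically, and lists which hosts still need the update. The inventory records are constructed sample data; how you obtain the installed version string from each system (registry, MDM export, etc.) is outside this example and is not specified by the advisory.

```python
"""Version gate for the SHAREit advisory: is an installed build older than
the first fixed release named on the page?"""
import re

# Minimum fixed versions as stated in the advisory.
MIN_FIXED = {
    "windows": "3.2.0",
    "android": "3.5.38_ww",
}


def parse_version(version: str) -> tuple:
    """Turn '3.5.38_ww' into (3, 5, 38).

    A trailing non-numeric tag such as '_ww' is a build/locale marker and
    plays no part in ordering, so it is dropped.
    """
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _padded(a: tuple, b: tuple):
    """Right-pad the shorter tuple with zeros so '3.2' compares equal to
    '3.2.0' instead of sorting below it (Python orders shorter tuples first)."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def needs_update(platform: str, installed: str) -> bool:
    """True when the installed build predates the first fixed release."""
    key = platform.lower()
    if key not in MIN_FIXED:
        raise ValueError(f"unknown platform: {platform!r}")
    have, want = _padded(parse_version(installed), parse_version(MIN_FIXED[key]))
    return have < want


def audit(inventory):
    """Return the hostnames whose SHAREit build is below the fixed version.

    inventory: iterable of (hostname, platform, installed_version) records.
    """
    return [host for host, platform, version in inventory
            if needs_update(platform, version)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("laptop-01", "windows", "3.1.9"),      # below 3.2.0 -> update
    ("laptop-02", "windows", "3.2.0"),      # first fixed build
    ("laptop-03", "Windows", "3.2"),        # same as 3.2.0 once padded
    ("phone-01", "android", "3.5.37_ww"),   # below 3.5.38_ww -> update
    ("phone-02", "android", "3.5.38_ww"),   # first fixed build
    ("phone-03", "android", "3.6.0"),       # newer than the fix
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: SHAREit below fixed version, update required")
```

Running the script on the sample data reports laptop-01 and phone-01. Note that passing the version gate only covers step 1; whether “secure mode” is actually enabled (step 2) is a per-user setting that this check does not see.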
There are three ways to update to the latest Windows version, as described here:
1. Updating through the SHAREit app
Users should open SHAREit on their PCs and they will be presented with a prompt to automatically update SHAREit to the latest version.
2. Updating via the Lenovo System Update utility or the Lenovo OneKey Optimizer Utility
In Lenovo System Update, click on “Get new updates” and follow the prompts to update your system with the latest version of SHAREit.
In Lenovo OneKey Optimizer, click on “Update” and follow the prompts to update your system with the latest version of SHAREit.
3. Updating via direct download
Identify the version of SHAREit installed on your system and click on the download link from the following website. Click on the “Free Download” link at the top and then click on “Download for Windows” and open the executable: http://shareit.lenovo.com
To enable “secure mode” on SHAREit for Windows running version 3.2.0 and above:
1. Click on the down arrow on the SHAREit screen and select “Settings”
2. Click on the “Secure mode” option and then click on “Save”.
There are two ways to update to the latest Android version as described here:
1. Updating via the SHAREit app
When the SHAREit app is opened, the user will see a SHAREit notification in the notification bar.
Drag down the notification bar and tap on the “Update SHAREit” notification. The link redirects the user to the Google Play store, where the application can be updated to the latest version.
2. Updating via the Google Play store
Go to the Google Play store and download the latest version of SHAREit available here: https://play.google.com/store/apps/details?id=com.lenovo.anyshare.gps&hl=en
To enable “secure mode” on SHAREit for Android running version 3.5.38_ww and above. PLEASE NOTE: “secure mode” on SHAREit for Android only allows connection through a Wi-Fi hotspot and does not function through a LAN.
1. Tap on the user icon in the upper left corner
2. Tap on the “Settings” button toward the bottom of the screen
3. Scroll down and select “Hotspot Encryption”
This vulnerability was discovered and researched by Ivan Huertas from Core Security Consulting Team.
(CVE-2016-1492, CVE-2016-1491, CVE-2016-1490, CVE-2016-1489).
Also thanks to Peter Nelson, independent security researcher.
Other information and references:
CVE ID: CVE-2016-1492, CVE-2016-1491, CVE-2016-1490, CVE-2016-1489