“The files are transfered via HTTP without encryption,” wrote Core’s researchers in their report. The other two vulnerabilities showed ways in which an malicious actor could browse through your files or carry out man in the middle attacks, intercepting files between devices. In another SHAREit bug, Core found that users can open a Wi-Fi hotspot without a password and potentially intercept files transfers from Windows to Android devices. The vulnerability is particularly dangerous considering how weak and simple the password is. This code will run successfully, but anyone who has access to it will have access to the password,” the advisory said.
“This is an example of an external hard-coded password on the client-side of a connection. This meant someone could access the hotspot by guessing the password, which always stayed the same, according to Core. In one of its advisories, Core Security found that when the app is receiving files, it sets a password (in this case “12345678”) on a Wi-Fi hotspot.
Fitbit Versa 3Ĭore Security found four vulnerabilities in the app but the password issues stick out the most.
0 kommentar(er)
