Security Breaches Found in AI-Powered Repair Tool Wondershare RepairIt

Trend Micro reveals that RepairIt "contradicted its privacy policy by collecting, storing, and, due to weak Development, Security, and Operations practices, inadvertently leaking private user data."

Cybersecurity researchers have revealed two critical flaws in Wondershare RepairIt, an AI-powered repair tool used by millions, that open the door to massive supply chain attacks.

Trend Micro disclosed the details last week, and says RepairIt “contradicted its privacy policy by collecting, storing, and, due to weak Development, Security, and Operations (DevSecOps) practices, inadvertently leaking private user data.”

The vulnerabilities carry CVSS scores of 9.1 and 9.4, which are among the worst seen in consumer AI apps this year. RepairIt was keeping user files in unsecured cloud storage without encryption, despite explicitly assuring users their data would not be stored at all.

This is a potential catastrophe because of the attack path. Because RepairIt automatically pulls AI models ...