Google’s Quick Share Vulnerabilities: A Deep Dive into Zero-Click File Transfer Exploits

Google’s Quick Share, a peer-to-peer file-sharing utility designed for Android, Chrome, and Windows devices, has recently been scrutinized due to multiple security vulnerabilities. These flaws could potentially allow attackers to execute remote code and transfer files without user consent, raising significant security concerns.

Understanding Quick Share

Quick Share facilitates seamless file transfers between nearby devices using various communication protocols, including Bluetooth, Wi-Fi, Wi-Fi Direct, WebRTC, and NFC. Initially launched as Nearby Share for Android, it expanded to Windows in July 2023. In January 2024, Google merged this technology with Samsung’s Quick Share, aiming to provide a unified solution for Android users. Collaborations with manufacturers like LG have led to Quick Share being pre-installed on certain Windows devices.

Discovery of Vulnerabilities

Security researchers from SafeBreach conducted an in-depth analysis of Quick Share’s application-layer communication protocol. Their investigation revealed ten distinct vulnerabilities, including:

1. Remote Unauthorized File Write in Quick Share for Windows
2. Remote Unauthorized File Write in Quick Share for Android
3. Remote Forced Wi-Fi Connection in Quick Share for Windows
4. Remote Directory Traversal in Quick Share for Windows
5. Remote Denial-of-Service (DoS) vulnerabilities in Quick Share for Windows

These vulnerabilities could enable attackers to write files remotely without user approval, crash the application, redirect traffic to malicious Wi-Fi access points, and access user directories without authorization.

Exploitation and Attack Chain

By chaining several of these vulnerabilities, researchers devised a remote code execution (RCE) attack targeting Windows devices:

1. Forced Wi-Fi Connection: An attacker could compel a victim’s device to connect to a malicious Wi-Fi network.
2. Application Crash: Utilizing a DoS vulnerability, the attacker crashes Quick Share on the victim’s device, maintaining the connection to the malicious network.
3. Persistent Connection: Due to Quick Share’s scheduled task that restarts the application every 15 minutes, the victim’s device remains connected to the attacker’s network.
4. Man-in-the-Middle (MitM) Attack: With the victim’s device on the malicious network, the attacker can intercept and manipulate network traffic.
5. Malicious File Injection: The attacker monitors the victim’s downloads and, at the opportune moment, replaces a legitimate executable with a malicious one, leading to code execution when the victim runs the file.
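
A defender-side check for steps 1 and 2 of this chain, as an added example that is not code from SafeBreach or Google: it flags a Wi-Fi join to an unfamiliar SSID that is followed shortly by a Quick Share crash. The event record layout, the process name (a placeholder), the SSIDs, the two-minute window and the use of Windows event IDs 8001 and 1000 as the data source are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed event IDs: 8001 = WLAN-AutoConfig "connected", 1000 = Application
# Error (crash). The process name is a placeholder, not taken from the article.
WLAN_CONNECTED = 8001
APP_CRASH = 1000
QUICK_SHARE_PROCESS = "quickshare-placeholder.exe"


def find_suspicious_joins(events, known_ssids, window=timedelta(minutes=2)):
    """Return (ssid, join_time, crash_time) for every join to an SSID outside
    known_ssids that is followed within `window` by a Quick Share crash."""
    events = sorted(events, key=lambda e: e["time"])
    crashes = [e["time"] for e in events
               if e["id"] == APP_CRASH
               and e.get("process", "").lower() == QUICK_SHARE_PROCESS]
    hits = []
    for e in events:
        if e["id"] != WLAN_CONNECTED or e.get("ssid") in known_ssids:
            continue
        crash = next((c for c in crashes
                      if e["time"] <= c <= e["time"] + window), None)
        if crash is not None:
            hits.append((e["ssid"], e["time"], crash))
    return hits


def at(hhmmss):
    """Timestamp on a constructed sample day."""
    return datetime.fromisoformat("2024-01-01T" + hhmmss)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"time": at("09:00:00"), "id": WLAN_CONNECTED, "ssid": "CorpNet"},
    {"time": at("09:30:10"), "id": WLAN_CONNECTED, "ssid": "Guest-Free"},
    {"time": at("09:30:40"), "id": APP_CRASH, "process": QUICK_SHARE_PROCESS},
    {"time": at("11:00:00"), "id": WLAN_CONNECTED, "ssid": "Cafe"},
    {"time": at("12:00:00"), "id": APP_CRASH, "process": "other.exe"},
    {"time": at("13:00:00"), "id": APP_CRASH, "process": QUICK_SHARE_PROCESS},
]

if __name__ == "__main__":
    for ssid, joined, crashed in find_suspicious_joins(SAMPLE_EVENTS, {"CorpNet"}):
        print(f"{ssid}: joined {joined:%H:%M:%S}, Quick Share crashed {crashed:%H:%M:%S}")
```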

Google’s Response and Patch Bypasses

Upon disclosure, Google addressed the identified vulnerabilities, assigning CVE-2024-38271 and CVE-2024-38272 to the most critical issues. However, researchers later discovered that the initial patches could be bypassed with minimal effort, prompting Google to release additional fixes.

Implications and Recommendations

The discovery of these vulnerabilities underscores the importance of rigorous security assessments, especially for applications facilitating file transfers. Users are advised to:

– Update Regularly: Ensure Quick Share and other applications are updated to the latest versions to benefit from security patches.
– Monitor Network Connections: Be cautious of unexpected network connections and verify the legitimacy of Wi-Fi networks before connecting.
– Exercise Caution with Downloads: Only download files from trusted sources and verify their integrity before execution.

By staying vigilant and proactive, users can mitigate potential risks associated with these vulnerabilities.