Researchers at SafeBreach have identified vulnerabilities in Google’s Quick Share data transfer utility that could enable threat actors to execute man-in-the-middle (MiTM) attacks and send files to Windows devices without user consent. Quick Share is a peer-to-peer file sharing tool designed for Android, Chrome, and Windows, allowing users to transfer files to nearby devices via various communication protocols like Bluetooth and Wi-Fi. Originally launched as Nearby Share on Android and later rebranded after merging with Samsung’s Quick Share, the utility has faced scrutiny for its security flaws.
Upon analyzing Quick Share’s communication protocol, SafeBreach uncovered ten vulnerabilities, including serious issues that facilitate remote code execution (RCE) attacks on Windows systems. Among these defects are unauthorized file write bugs and flaws that could allow attackers to force Wi-Fi connections, conduct directory traversals, and execute remote denial-of-service (DoS) attacks. These vulnerabilities grant malicious actors the capability to remotely send files without approval, crash the Windows application, and redirect traffic to their own access points.
Two critical vulnerabilities, assigned CVEs CVE-2024-38271 and CVE-2024-38272, were highlighted by SafeBreach, with severity scores of 7.1 and 5.9, respectively. The researchers noted that Quick Share’s communication protocol was overly generic, enabling them to bypass the file acceptance dialog on Windows. By sending an introduction packet containing the file without waiting for user acceptance, attackers could successfully transmit files even when devices were configured to accept files only from known contacts.
SafeBreach’s research also revealed that Quick Share could upgrade connections and utilize Wi-Fi hotspots, which could be exploited to sniff traffic from devices. By exploiting the vulnerabilities, researchers could maintain persistent connections and execute MiTM attacks. The findings, presented at the DEF CON 32 conference, highlight the importance of addressing these vulnerabilities promptly to protect users from potential exploits in Quick Share and similar applications.
Reference:
