New Security Vulnerabilities Found in Google’s Quick Share Tool
Recent research has revealed the existence of up to ten security vulnerabilities within Google’s Quick Share data transfer application, utilized across both Android and Windows platforms. These flaws pose a significant risk, as they could potentially be exploited to initiate a remote code execution (RCE) scenario on any system using the software. The findings were disclosed by researchers from SafeBreach Labs, who conducted an in-depth analysis of the application’s communication protocols.
According to the technical report provided to The Hacker News, the Quick Share application employs a unique application-layer protocol designed specifically for facilitating file transfers between compatible devices in close proximity. The researchers, Or Yair and Shmuel Cohen, examined the protocol’s functionality, leading to the identification of logic that could be manipulated within the Windows version of Quick Share. This exploration culminated in the discovery of vulnerabilities that, when leveraged, could create an innovative chain of RCE attacks dubbed "QuickShell."
The vulnerabilities identified include a mix of issues affecting both Windows and Android versions of Quick Share, with nine flaws targeting the former and one the latter. Collectively, these vulnerabilities enable attackers to execute arbitrary code on Windows hosts, enhancing their control and reach into user systems. The range of identified weaknesses spans remote denial-of-service flaws, unauthorized file write vulnerabilities on both platforms, a directory traversal issue, and a forced Wi-Fi connection vulnerability.
Google has taken action to address these vulnerabilities in Quick Share version 1.0.1724.0 and subsequent updates. The vulnerabilities are being tracked under two Common Vulnerability and Exposure (CVE) identifiers: CVE-2024-38271, which carries a CVSS score of 5.9 and relates to a forced connection to a temporary Wi-Fi for sharing, and CVE-2024-38272, rated significantly higher at 7.1 for its potential to bypass file acceptance dialogues in Windows.
Quick Share, previously known as Nearby Share, allows users to seamlessly exchange files such as images, documents, and videos within a 5-meter range. This peer-to-peer functionality requires both devices to have Bluetooth and Wi-Fi capabilities enabled. However, the complexity underlying such a utility, while promoting convenience, also opens up potential security gaps that malicious actors could exploit.
The vulnerabilities discussed are notably concerning as they could enable unauthorized file transfers, force app shutdowns, redirect user activity to compromised access points, and traverse directory paths to gain unauthorized access to user folders. More alarmingly, researchers determined that the combination of forcing device connections to rogue Wi-Fi networks while gaining write access to crucial directories could establish a multi-step approach leading to RCE.
Such research findings were prominently presented at DEF CON 32, emphasizing the significant risks posed by the intricate nature of data transfer utilities that accommodate numerous communication protocols. This situation illustrates the critical security challenges that can arise from clustering seemingly benign vulnerabilities, underscoring the importance of adopting a robust cybersecurity posture.
As business owners assess their security strategies, understanding the implications of these vulnerabilities is vital. Recognizing the potential tactics described in the MITRE ATT&CK framework, such as initial access, privilege escalation, and persistence methods, is essential when evaluating and fortifying their systems against such multi-faceted threats. In a rapidly evolving cyber landscape, staying informed and adopting proactive security measures remains crucial for mitigating the risks associated with data transfer tools.
