ButSpeak.com
News which Matters.
A research team discovered 10 vulnerabilities in Google’s Quick Share utility for Android and Windows, including flaws that could enable remote code execution on targeted systems.
A recent investigation by SafeBreach Labs has uncovered 10 security vulnerabilities in Google’s Quick Share data transfer utility, potentially enabling a remote code execution (RCE) attack on systems running the software. The flaws, identified in both the Android and Windows versions of Quick Share, could be exploited by attackers to gain unauthorized control over a victim’s device.
Quick Share, formerly known as Nearby Share, is a popular tool used for transferring files between Android devices, Chromebooks, and Windows computers. The utility allows users to share a wide range of files, including photos, videos, and documents, over a peer-to-peer connection. However, SafeBreach Labs researchers Or Yair and Shmuel Cohen discovered that the application’s proprietary communication protocol could be manipulated, leading to significant security risks.
The vulnerabilities, nine of which affect the Windows version and one of which affects Android, span several categories, including remote denial-of-service (DoS) flaws, unauthorized file writes, directory traversal, and forced Wi-Fi connection issues. These flaws can be exploited to force the Quick Share app to crash, write files to the device without user approval, and even redirect network traffic to a Wi-Fi access point under the attacker’s control.
The most concerning outcome of these vulnerabilities is the possibility of chaining them together to execute arbitrary code on a targeted Windows system. This RCE attack chain, referred to as QuickShell, demonstrates how seemingly low-risk vulnerabilities can be combined to achieve a far more dangerous exploit.
The issues were first presented at DEF CON 32, where the researchers explained how they reverse-engineered the Protobuf-based protocol that Quick Share relies on. By doing so, they were able to uncover the logic flaws within the system that could be exploited for malicious purposes.
Google has since addressed these vulnerabilities in Quick Share version 1.0.1724.0 and later. Two of the flaws are tracked as CVE-2024-38271 and CVE-2024-38272, with CVSS scores of 5.9 and 7.1, respectively. CVE-2024-38271 forces a victim to remain connected to a temporary Wi-Fi network, while CVE-2024-38272 allows an attacker to bypass the file acceptance dialog on Windows.
SafeBreach Labs emphasized the broader implications of their findings, noting that the complexity of a data transfer utility like Quick Share—designed to support multiple communication protocols and devices—can introduce significant security challenges. The research highlights the importance of addressing known vulnerabilities promptly, as even seemingly minor issues can be exploited in combination to create serious security risks.
The discovery of these vulnerabilities serves as a reminder of the critical need for ongoing security research and vigilance in protecting digital tools and platforms from potential threats.