As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger a remote code execution (RCE) chain on systems that have the software installed.
“The Quick Share application implements its own specific application-layer communication protocol to support file transfers between nearby, compatible devices,” SafeBreach Labs researchers Or Yair and Shmuel Cohen said in a technical report shared with The Hacker News.
“By investigating how the protocol works, we were able to fuzz and identify logic within the Quick Share application for Windows that we could manipulate or bypass.”
The result is the discovery of 10 vulnerabilities – nine affecting Quick Share for Windows and one impacting Android – that could be fashioned into an “innovative and unconventional” RCE attack chain to run arbitrary code on Windows hosts. The RCE attack chain has been codenamed QuickShell.
The shortcomings span six remote denial-of-service (DoS) flaws, two unauthorized file write bugs (one each identified in the Android and Windows versions of the software), one directory traversal, and one case of forced Wi-Fi connection.
The issues have been addressed in Quick Share version 1.0.1724.0 and later. Google is collectively tracking the flaws under the following two CVE identifiers:
- CVE-2024-38271 (CVSS score: 5.9) – A vulnerability that forces a victim to stay connected to a temporary Wi-Fi connection created for sharing
- CVE-2024-38272 (CVSS score: 7.1) – A vulnerability that allows an attacker to bypass the accept file dialog on Windows
Quick Share, formerly Nearby Share, is a peer-to-peer file-sharing utility that allows users to transfer photos, videos, documents, audio files or entire folders between Android devices, Chromebooks, and Windows desktops and laptops in close proximity. Both devices must be within 5 m (16 ft) of each other with Bluetooth and Wi-Fi enabled.
In a nutshell, the identified shortcomings could be used to remotely write files to devices without approval, force the Windows app to crash, redirect its traffic to a Wi-Fi access point under an attacker's control, and traverse paths to the user's folder.
But more importantly, the researchers found that the ability to force the target device into connecting to a different Wi-Fi network and the ability to create files in the Downloads folder could be combined to initiate a chain of steps that ultimately leads to remote code execution.
The findings, first presented at DEF CON 32 today, are a culmination of a deeper analysis of the Protobuf-based proprietary protocol and the logic that undergirds the system. They are significant not least because they highlight how seemingly harmless known issues could open the door to a successful compromise and could pose serious risks when combined with other flaws.
“This research reveals the security challenges introduced by the complexity of a data-transfer utility attempting to support so many communication protocols and devices,” SafeBreach Labs said in a statement. “It also underscores the critical security risks that can be created by chaining seemingly low-risk, known, or unfixed vulnerabilities together.”