Unveiling vulnerabilities within Google’s Quick Share Software: A Look into QuickShell

Ten significant security vulnerabilities in Google’s Quick Share data transfer utility were highlighted in August 2024. The utility, designed to move files between Android and Windows systems, has drawn close attention from the cybersecurity community. The vulnerabilities could be chained together to achieve remote code execution (RCE) on host systems running the Quick Share application.

Or Yair and Shmuel Cohen from SafeBreach Labs led the research, examining the protocol that underpins Quick Share. Their analysis and fuzzing of the protocol revealed areas of the Windows Quick Share application that were open to manipulation and bypass. This led to the discovery of 10 vulnerabilities: nine affecting Quick Share for Windows and one affecting Android, all of which could be combined into an unconventional RCE attack chain, codenamed QuickShell.

“This innovative and unconventional RCE attack chain has the potential to run arbitrary code on Windows hosts.”

The vulnerabilities comprise six remote denial-of-service (DoS) flaws, two unsolicited file write bugs in both the Android and Windows versions of the software, a folder path traversal, and a forced Wi-Fi connection. Google has since fixed them in Quick Share versions starting at 1.0.1724.0. Google tracks the flaws collectively under two CVE identifiers:

CVE-2024-38271 (CVSS score of 5.9) is a vulnerability that forces a victim to stay connected to a temporary Wi-Fi connection created for sharing.
CVE-2024-38272 (CVSS score of 7.1) is a vulnerability that allows an attacker to bypass the accept file dialog on Windows.

Formerly known as Nearby Share, Quick Share is a peer-to-peer file-sharing utility. It lets users transfer photos, videos, documents, audio files, or entire folders between Android devices, Chromebooks, and Windows desktops and laptops in close proximity. The devices need to be within a 5-meter range with both Bluetooth and Wi-Fi enabled.

In essence, the discovered vulnerabilities allow an attacker to write files remotely to devices without user consent, force the Windows application to crash, redirect the application’s traffic to a Wi-Fi access point under the attacker’s control, and traverse paths to the user’s folder. The causes of these vulnerabilities were analyzed at DEF CON 32, which pointed to the Protobuf-based proprietary protocol and the underlying system logic as significant factors.

The research is a wake-up call about the threat that seemingly harmless known issues can pose. Considered in tandem with other flaws, such issues can open the door to successful system compromise and severe risk. SafeBreach Labs emphasized in their statement:

“These findings underline the complexity of security challenges introduced in a data-transfer utility supporting so many communication protocols and devices. It further highlights the critical security risks created by chaining known, seemingly low-risk, and unfixed vulnerabilities.”
