As many as 10 safety flaws have been uncovered in Google’s Fast Share knowledge switch utility for Android and Home windows that may very well be assembled to set off distant code execution (RCE) chain on methods which have the software program put in.
“The Fast Share software implements its personal particular application-layer communication protocol to assist file transfers between close by, suitable units,” SafeBreach Labs researchers Or Yair and Shmuel Cohen stated in a technical report shared with The Hacker Information.
“By investigating how the protocol works, we had been in a position to fuzz and determine logic inside the Fast Share software for Home windows that we may manipulate or bypass.”
The result’s the invention of 10 vulnerabilities – 9 affecting Fast Share for Home windows and one impacting Android – that may very well be customary into an “revolutionary and unconventional” RCE assault chain to run arbitrary code on Home windows hosts. The RCE assault chain has been codenamed QuickShell.
The shortcomings span six distant denial-of-service (DoS) flaws, two unauthorized information write bugs every recognized in Android and Home windows variations of the software program, one listing traversal, and one case of pressured Wi-Fi connection.
The problems have been addressed in Fast Share model 1.0.1724.0 and later. Google is collectively monitoring the issues underneath the beneath two CVE identifiers –
- CVE-2024-38271 (CVSS rating: 5.9) – A vulnerability that forces a sufferer to remain related to a short lived Wi-Fi connection created for sharing
- CVE-2024-38272 (CVSS rating: 7.1) – A vulnerability that enables an attacker to bypass the settle for file dialog on Home windows
Fast Share, previously Close by Share, is a peer-to-peer file-sharing utility that enables customers to switch images, movies, paperwork, audio information or complete folders between Android units, Chromebooks, and Home windows desktops and laptops in shut proximity. Each units should be inside 5 m (16 toes) of one another with Bluetooth and Wi-Fi enabled.
In a nutshell, the recognized shortcomings may very well be used to remotely write information into units with out approval, power the Home windows app to crash, redirect its visitors to a Wi-Fi entry level underneath an attacker’s management, and traverse paths to the consumer’s folder.
However extra importantly, the researchers discovered that the flexibility to power the goal gadget into connecting to a special Wi-Fi community and create information within the Downloads folder may very well be mixed to provoke a sequence of steps that in the end result in distant code execution.
The findings, first introduced at DEF CON 32 immediately, are a fruits of a deeper evaluation of the Protobuf-based proprietary protocol and the logic that undergirds the system. They’re important not least as a result of they spotlight how seemingly innocent identified points may open the door to a profitable compromise and will pose critical dangers when mixed with different flaws.
“This analysis reveals the safety challenges launched by the complexity of a data-transfer utility trying to assist so many communication protocols and units,” SafeBreach Labs stated in a press release. “It additionally underscores the essential safety dangers that may be created by chaining seemingly low-risk, identified, or unfixed vulnerabilities collectively.”