As many as 10 safety flaws have been uncovered in Google’s Fast Share information switch utility for Android and Home windows that may very well be assembled to set off distant code execution (RCE) chain on programs which have the software program put in.
“The Fast Share utility implements its personal particular application-layer communication protocol to help file transfers between close by, suitable gadgets,” SafeBreach Labs researchers Or Yair and Shmuel Cohen mentioned in a technical report shared with The Hacker Information.
“By investigating how the protocol works, we had been in a position to fuzz and establish logic inside the Fast Share utility for Home windows that we may manipulate or bypass.”
The result’s the invention of 10 vulnerabilities – 9 affecting Fast Share for Home windows and one impacting Android – that may very well be long-established into an “modern and unconventional” RCE assault chain to run arbitrary code on Home windows hosts. The RCE assault chain has been codenamed QuickShell.
The shortcomings span six distant denial-of-service (DoS) flaws, two unauthorized recordsdata write bugs every recognized in Android and Home windows variations of the software program, one listing traversal, and one case of compelled Wi-Fi connection.
The problems have been addressed in Fast Share model 1.0.1724.0 and later. Google is collectively monitoring the issues beneath the beneath two CVE identifiers –
- CVE-2024-38271 (CVSS rating: 5.9) – A vulnerability that forces a sufferer to remain related to a brief Wi-Fi connection created for sharing
- CVE-2024-38272 (CVSS rating: 7.1) – A vulnerability that enables an attacker to bypass the settle for file dialog on Home windows
Fast Share, previously Close by Share, is a peer-to-peer file-sharing utility that enables customers to switch pictures, movies, paperwork, audio recordsdata or whole folders between Android gadgets, Chromebooks, and Home windows desktops and laptops in shut proximity. Each gadgets should be inside 5 m (16 ft) of one another with Bluetooth and Wi-Fi enabled.
In a nutshell, the recognized shortcomings may very well be used to remotely write recordsdata into gadgets with out approval, drive the Home windows app to crash, redirect its site visitors to a Wi-Fi entry level beneath an attacker’s management, and traverse paths to the person’s folder.
However extra importantly, the researchers discovered that the flexibility to drive the goal system into connecting to a unique Wi-Fi community and create recordsdata within the Downloads folder may very well be mixed to provoke a series of steps that finally result in distant code execution.
The findings, first introduced at DEF CON 32 at present, are a fruits of a deeper evaluation of the Protobuf-based proprietary protocol and the logic that undergirds the system. They’re vital not least as a result of they spotlight how seemingly innocent identified points may open the door to a profitable compromise and will pose critical dangers when mixed with different flaws.
“This analysis reveals the safety challenges launched by the complexity of a data-transfer utility trying to help so many communication protocols and gadgets,” SafeBreach Labs mentioned in an announcement. “It additionally underscores the important safety dangers that may be created by chaining seemingly low-risk, identified, or unfixed vulnerabilities collectively.”
