当前位置:首页 > 报告详情

QuickShell:分享即关爱——针对 QuickShare 的远程代码执行攻击链.pdf

上传人: 竿*** 编号:981756 2025-11-29 113页 7.12MB

1、Sharing is caring about an RCE attack chain on Quick Share Security Research Team Lead at SafeBreach 7?years in Security Research Past research in Linux,embedded,Android 4 years Windows research 6?years in Security Industry Past APT Malware Researcher 4?years Windows research Why Quick Share Protoco

2、l Overview Fuzzing Research Approach Shift?Vulnerability Discovery RCE Chain Takeaways GitHub?Q&A“were working with leading PC manufacturers like LG to expand Quick Share to Windows PCs as a pre-installed app.”Google:Various communication methods 1st time by Google on Windows 2019 by Daniele Antonio

3、li,Nils Ole Tippenhauer,Kasper Rasmussen:“Nearby Threats:Reversing,Analyzing,and Attacking Googles Nearby Connections on Android”About Nearby Connections API Only Android No CVEs https:/francozappa.github.io/publication/rearby/paper.pdf Contain part of the code for Quick Share for Windows New Window

4、s App?New App New vulns Windows app will be pre-installed Various communication methods?Various attack vectors Googles first Windows app to use these APIs Some of the code is open-source No CVEs Finding the communication functions?Send&Recv:offline_wire_formats.proto stHooking Quick Share to sniff s

5、ent and received Offline Frames on Windows Nearby Connections API Quick Share Implementation Protobuf Based Encryption?Googles Ukey2 Advertisement based on Service ID Multiple Connections Strategies P2P,Star,Cluster CONNECTION_REQUEST Ukey2 Client Init Ukey2 Handshake Completed CONNECTION_REQUEST Uk

6、ey2 Server Init Ukey2 Client Finish Ukey2 Client Init Ukey2 Key Exchange Proprietary communication begins CONNECTION_REQUEST Connection Response Connection Response Ukey2 Key Exchange Proprietary communication begins CONNECTION_REQUEST Connection Response Connection Response Enforces“Contacts”and“Yo

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要内容概括如下: - **Quick Share 安全漏洞**:Quick Share 在 Windows 和 Android 平台存在多个安全漏洞,包括远程代码执行(RCE)、未经授权的文件写入、强制WiFi连接、目录遍历和远程拒绝服务(DoS)等。 - **漏洞利用**:研究人员通过构建漏洞利用链,展示了如何利用这些漏洞进行攻击,例如通过中间人攻击(MITM)执行远程代码。 - **Google 的响应**:Google 已对报告的漏洞进行了修复,并部署了补丁。这些漏洞尚未在野外被利用。 - **CVE 编号**:CVE-2024-38271(强制WiFi连接)和 CVE-2024-38272(文件批准对话框绕过)是修复的漏洞。 - **研究意义**:强调了即使是看似简单的漏洞也可能导致严重的安全问题,提醒厂商和组织不应低估这些漏洞。
RCE漏洞链揭秘!" 安全漏洞大揭秘!" 如何防范未授权文件写入?"
客服
商务合作
小程序
服务号
折叠