AirDrop and Quick Share Vulnerabilities Expose Devices to Crashes and Security Bypasses

Recent research has unveiled six significant security vulnerabilities in Apple’s AirDrop and Samsung’s Quick Share, two wireless features designed for seamless file sharing between nearby devices. These flaws could allow attackers within wireless range to exploit the systems, potentially leading to crashes and unauthorized access.

Overview of the Vulnerabilities

The vulnerabilities identified by researchers Arash Ale Ebrahim and Nils Ole Tippenhauer from the CISPA Helmholtz Center for Information Security highlight critical weaknesses in the way these technologies handle file transfers. An attacker equipped with a laptop can disrupt the sharing service on a Mac or iPhone that is set to receive files from anyone, without any prior connection or user interaction.

The research indicates that Quick Share is also susceptible to flaws that bypass Samsung’s session checks, which could lead to a crash in Google’s Windows application. Both AirDrop and Quick Share operate within a vast ecosystem of over five billion active Apple and Android devices, although the vulnerabilities are specific to certain implementations and versions.

Technical Details and Implications

The findings, detailed in a research paper, mark the first comprehensive examination of both technologies side by side, focusing on the layers above the radio interface where session handling, parsing, and trust decisions occur. The implications of these vulnerabilities extend beyond mere crashes; they expose devices to potential exploitation.

Apple has already initiated fixes for one of the three identified AirDrop vulnerabilities, assigning it a Common Vulnerabilities and Exposures (CVE) identifier, although the advisory is not yet public. The remaining two vulnerabilities are still undergoing coordinated disclosure. Google has acknowledged the Windows flaw, paid a bounty, and implemented a code fix, with its CVE status pending. Samsung’s vulnerabilities have been reported to Google and are currently under investigation, with no known instances of exploitation reported.

Mechanisms of Attack on AirDrop

The three vulnerabilities in AirDrop all lead to a crash of the sharingd service, which manages not only AirDrop but also AirPlay, Handoff, Universal Clipboard, Continuity Camera, and NameDrop. A single malformed request sent to a device configured to receive files from “Everyone” can trigger a denial of service. By continuously sending these crash messages, an attacker can effectively disable the sharing capabilities for as long as the attack persists.

Two of the vulnerabilities extend beyond AirDrop, residing within shared Apple frameworks. The most notable is a stack overflow in the XML property list parser, which can be triggered by a small file containing approximately 200 nested layers. This vulnerability could affect any Apple application that opens untrusted files of that type across multiple operating systems, including macOS, iOS, watchOS, tvOS, and visionOS.
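For code that has to open XML property lists from untrusted senders, one mitigation is to bound nesting depth before the real parser sees the bytes. The following is an added example, not code from the research paper or from Apple; the function names and the limit of 32 are assumptions chosen for illustration.

```python
import plistlib
from xml.parsers import expat

MAX_DEPTH = 32  # assumed policy value, far below the ~200 levels the article cites

class PlistTooDeep(ValueError):
    """XML plist nests elements deeper than the configured limit."""

def max_xml_depth(data: bytes, limit: int = MAX_DEPTH) -> int:
    """Return the deepest element nesting in `data`, aborting past `limit`.

    expat is event driven, so this pre-check does not recurse as the
    nesting of the input grows.
    """
    depth = deepest = 0

    def on_start(name, attrs):
        nonlocal depth, deepest
        depth += 1
        deepest = max(deepest, depth)
        if depth > limit:
            raise PlistTooDeep(f"depth {depth} exceeds limit {limit}")

    def on_end(name):
        nonlocal depth
        depth -= 1

    parser = expat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.Parse(data, True)  # handler exceptions propagate to the caller
    return deepest

def load_untrusted_plist(data: bytes, limit: int = MAX_DEPTH):
    """Depth-check first, and only then hand the bytes to the real parser."""
    max_xml_depth(data, limit)
    return plistlib.loads(data, fmt=plistlib.FMT_XML)

# Constructed sample: a small, well-formed XML plist (element depth 4).
SAMPLE = (b'<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
          b'<key>name</key><array><string>a</string></array></dict></plist>')

if __name__ == "__main__":
    print(max_xml_depth(SAMPLE), load_untrusted_plist(SAMPLE))
```

Malformed XML surfaces as `expat.ExpatError`, so callers should treat both that and `PlistTooDeep` as a rejected file.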

Quick Share Vulnerabilities and Their Consequences

On the Android platform, two vulnerabilities in Samsung’s Quick Share allow attackers to bypass the handshake process that secures sessions. One vulnerability permits an unverified device to initiate a connection before encryption is established, while the other allows unencrypted control messages to pass even after a secure session is initiated. An attacker on the same Wi-Fi network could exploit these gaps to manipulate the connection state or feed the device attacker-supplied IP and port values, undermining the system’s security assurances.

The most critical flaw resides in Google’s Quick Share for Windows, where a memory bug can occur when two connections collide at a specific moment, causing the application to use a portion of memory that has already been released. This type of vulnerability can potentially be exploited to execute arbitrary code, particularly since a Windows defense mechanism known as Control Flow Guard is disabled in the application.
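Whether a Windows binary was linked with Control Flow Guard can be audited from its PE headers, which is a useful check across any fleet of installed executables. The following is an added example, not tooling from the researchers or from Google; it reads only the `DllCharacteristics` header flag, and `sample_headers` is a hypothetical helper that builds constructed input.

```python
import struct

IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000  # image was linked with CFG support

def dll_characteristics(pe: bytes) -> int:
    """Return the DllCharacteristics field from a PE image's optional header."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)   # offset of "PE\0\0"
    opt = e_lfanew + 4 + 20                            # signature + COFF header
    if opt + 72 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad or truncated NT headers")
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 4 + 16)
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:   # PE32 / PE32+
        raise ValueError("unsupported or truncated optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ layouts.
    (flags,) = struct.unpack_from("<H", pe, opt + 70)
    return flags

def has_cfg(pe: bytes) -> bool:
    """True when the header advertises Control Flow Guard support."""
    return bool(dll_characteristics(pe) & IMAGE_DLLCHARACTERISTICS_GUARD_CF)

def sample_headers(flags: int) -> bytes:
    """Constructed input: headers only, just enough fields to parse."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)            # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 4 + 16, 0xF0)   # SizeOfOptionalHeader
    struct.pack_into("<H", buf, 0x80 + 24, 0x20B)      # PE32+ magic
    struct.pack_into("<H", buf, 0x80 + 24 + 70, flags)
    return bytes(buf)

if __name__ == "__main__":
    import sys
    # Pass a path to a real binary, or fall back to the constructed headers.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_headers(0x0160)
    print("CFG flag set:", has_cfg(data))
```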

Google has confirmed the crash but has not yet developed a working exploit. The company has acknowledged the issue, provided a bounty, and implemented a fix, with the CVE status still pending. This is not the first time Quick Share for Windows has faced vulnerabilities; previous reports have identified multiple bugs that have required ongoing attention.

Localized Risk Assessment

The vulnerabilities present a localized risk rather than a widespread threat. Attackers must be within approximately 10 to 30 meters of the target device or connected to the same local network to exploit these vulnerabilities. While this limitation reduces the scope of potential attacks compared to remote vulnerabilities, it still poses a significant risk in crowded environments such as airports, train stations, or conferences.

The researchers have made their testing tools publicly available, allowing other security teams to replicate their findings. Users are advised to install the latest updates from Apple, which include fixes for these vulnerabilities, and to adjust their AirDrop settings to “Contacts Only” or disable it entirely when not in use. For Quick Share users, it is recommended to limit visibility to “Contacts Only” and ensure the Windows application is updated following Google’s patch.

Conclusion

The identification of these vulnerabilities in AirDrop and Quick Share underscores the importance of robust security measures in file-sharing technologies. As these systems become increasingly integrated into daily life, the need for continuous monitoring and prompt patching of vulnerabilities is critical. The ongoing developments in this area will be closely watched by cybersecurity professionals and users alike.

Source: thehackernews.com
