Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a comprehensive security research presentation that reveals critical vulnerabilities in Google's Quick Share file-sharing protocol. Learn how researcher Or Yair uncovered 10 security flaws affecting both Windows and Android versions of Quick Share, including the ability to remotely write files without user approval, crash applications, redirect network traffic, and perform path traversal attacks. Discover the development of custom tools including hooks for studying the Protobuf-based protocol, communication tools for interacting with Quick Share devices, and a specialized fuzzer that identified crashes in the Windows application. Understand the methodology behind transitioning from crash discovery to logic vulnerability research, which proved far more fruitful than initially anticipated. Examine the QuickShell attack chain, a sophisticated Remote Code Execution (RCE) exploit that combines five of the discovered vulnerabilities to achieve code execution on Windows systems. Gain insights into Quick Share's underlying protocol architecture, fuzzing techniques for mobile file-sharing applications, and a novel HTTPS man-in-the-middle attack method. This technical deep-dive demonstrates how seemingly benign file-sharing features can harbor serious security implications and showcases advanced vulnerability research methodologies in modern cross-platform applications.
