Researchers from CISPA have identified critical, zero-click vulnerabilities in proximity-based file-transfer protocols, specifically Apple AirDrop and Google/Samsung Quick Share. Utilizing the custom "AIRFUZZ" protocol-aware fuzzer, the study uncovered systemic flaws in how privileged daemons process unauthenticated, complex serialized content such as Binary Plists, CPIO archives, and Protocol Buffers. Exploitation vectors include Swift-based Denial of Service (DoS), XML recursion, and memory corruption via Heap Use-After-Free (UAF). Most significantly, the research demonstrated a complete bypass of Device-to-Device (D2D) encryption in Samsung Quick Share. These vulnerabilities affect over 5 billion devices globally. All affected vendors—Apple, Google, and Samsung—have released patches to remediate these flaws.
-
Research Methodology: Protocol-Aware Fuzzing
- Development of AIRFUZZ, a specialized fuzzer designed to mutate pre-compression representations of proprietary, undocumented protocols.
- Successful reconstruction of the AirDrop seven-layer state machine and analysis of the DVZip adaptive compression algorithm.
- Identification of systemic risks in the processing of complex serialized data (Binary Plists, CPIO, Protocol Buffers) by privileged, unauthenticated daemons.
-
Vulnerability Analysis: Apple AirDrop
- Swift fatalError DoS: Exploitation of the HTTP path router to trigger immediate service termination.
- Unbounded XML Recursion: Targeted the Foundation framework via malicious XML plists to cause resource exhaustion.
- Network.framework Vulnerability: Discovery of a NULL dereference within the HTTP/1.1 parser.
-
Vulnerability Analysis: Quick Share (Samsung & Google)
- Samsung Quick Share Encryption Bypass: Identification of three specific frame types that allow for the total circumvention of D2D encryption.
- Pre-authentication Dispatch: Discovery of an unauthorized OfflineFrame dispatch mechanism (V4).
- Google Quick Share (Windows): Identification of a Heap Use-After-Free (UAF) vulnerability within the Windows-based implementation.
-
Impact and Risk Assessment
- Attack Vector: Wireless proximity-based, zero-click exploitation requiring no prior pairing or user interaction.
- Ecosystem Reach: Potential impact on a global footprint exceeding 5 billion interconnected mobile and desktop devices.
- Security Implications: High-severity risks across Confidentiality (encryption bypass), Integrity (memory corruption), and Availability (DoS).
-
Remediation: Patching and Defense
- Responsible Disclosure: All findings were coordinated through Apple, Samsung, and Google prior to public release.
- Remediation Status: All identified vulnerabilities have been acknowledged and addressed via vendor-specific security updates.
- Defensive Action: Organizations should enforce immediate OS-level updates across all mobile and Windows-based device fleets.
Related posts
- arXiv (Computer Science - Cryptography and Security) — Protocol Prying: Systematic Vulnerability Research in the Apple AirDrop and Android Quick Share Proximity Transfer Protocols
- Cispa
- Bitdefender
- Thehackernews
- News
- Blog
- Macrumors
- Blog
- Netspi
- Binance
- Thedefiant
- Osl
- Cryptopotato
- Bitcoinfoundation
- Cryptoslate
- Tradingview
- Cryptonews
- Youtube
- Playtoearn
- Bittime