QuickShell: Sharing is Caring About an RCE Attack Chain on Quick Share
Black Hat Asia 2025 · Day 2 · Briefings
In this compelling presentation, Ora and Coin from SafeBreach unveiled "QuickShell," a sophisticated remote code execution (RCE) attack chain targeting Google's Quick Share application for Windows. Quick Share, Google's answer to Apple's AirDrop, facilitates seamless file transfers between Android devices and, more recently, Windows computers. The research highlighted in this talk reveals a series of critical vulnerabilities that, when chained together, allow an attacker to achieve RCE on a victim's Windows machine with minimal user interaction, effectively turning seemingly minor flaws into a potent exploit.
AI review
This research from SafeBreach is a masterclass in vulnerability chaining, transforming seemingly minor flaws in Google's Quick Share into a potent remote code execution (RCE) attack. The speakers meticulously reverse engineered the Quick Share protocol, uncovered multiple logical vulnerabilities, and ingeniously combined them to achieve RCE with minimal user interaction. The novelty of techniques like persistent MITM via crashing the app, filename inference through HTTPS metadata, and the precise timing attack to overwrite legitimate downloads makes this an exceptional piece of work that any…