Last week, researchers disclosed two new vulnerabilities in Google’s Quick Share utility, re-enabling an RCE chain that allows attackers to wirelessly deliver malware to victim devices. SafeBreach Labs recently disclosed critical security bypasses in Quick Share, highlighting vulnerabilities capable of achieving RCE on Windows devices and forcing permanent Wi-Fi hotspot connections to attacker-controlled networks. These exploits allow attacking devices to deliver malicious payloads silently without prior Quick Share approval.
Quick Share, Google’s peer-to-peer data-transfer utility for Android, Windows, and Chrome OS, leverages multiple communication protocols, including Bluetooth, Wi-Fi, Wi-Fi Direct, WebRTC, and NFC, to transfer files between nearby devices.
Developed initially as Nearby Share, Quick Share was unified with Samsung’s technology in January 2024, aiming to standardize Android file transfers. Windows PCs began shipping pre-installed with the utility, making it a widespread target for malicious actors.
In their initial research, first presented at DEF CON 32 (2024), SafeBreach researchers Shmuel Cohen and Or Yair discovered ten distinct vulnerabilities within Quick Share, which they cleverly assembled into a sophisticated RCE attack chain. These vulnerabilities ranged from unauthorized file writes and directory traversals to forced Wi-Fi connections and denial-of-service (DoS) exploits. Google acknowledged the severity, issuing two notable CVEs: CVE-2024-38271 to force lasting Wi-Fi connections and CVE-2024-38272 for bypassing file transfer approvals.
SafeBreach’s ongoing investigation, presented last week at BlackHat Asia 2025, identified bypasses for Google’s initial fixes, notably CVE-2024-38272, allowing attackers once again to send files directly to user devices without explicit consent. This latest discovery was facilitated by carefully manipulating Quick Share’s file-handling logic, highlighting the persistence and adaptability of vulnerabilities within the wireless transfer protocol. A demo video from SafeBreach’s blog shows the new RCE chain transferring a malicious payload to a victim’s virtual machine.
While Google has released patches to these most recent workarounds, SafeBreach’s Quick Share vulnerability research tools, dubbed QuickShell, are available on GitHub. SafeBreach researchers commented on taking advantage of an accumulated “debt” of vulnerabilities in QuickShare to engineer and re-enable their RCE chain. Organizations face similar wireless vulnerability debts among many other wireless protocols that have proliferated throughout their facilities in recent years. The “hi_my_name_is_keyboard” 0-click keystroke injection vulnerability, presented by Marc Newlin at SchmooCon 2024, took advantage of Bluetooth protocol vulnerabilities in Windows, Android, iOS, macOS, and Linux systems, including Quick Share’s predecessor, Nearby Share. According to Newlin, Android 10 or below devices are unpatchable against this attack.
Much like SafeBreach’s QuickShare RCE workaround, several of the vulnerabilities Newlin discovered had patches available years ago, but devices remained trivially vulnerable to the same exploit.
These findings demonstrate that patching individual vulnerabilities is insufficient when dealing with wireless protocols. Organizations need comprehensive visibility into all wireless activity in their environments to detect potential threats before malicious actors can exploit them.
As wirelessly enabled devices continue to proliferate in enterprise and Government environments, organizations must account for the debt of wireless protocol vulnerabilities they have accumulated. IoT devices, smart sensors, personal cellphones, smart TVs & Bluetooth-enabled workstations are embedded in organizational networks but often communicate over wireless channels that are invisible to traditional network monitoring tools. Bastille’s Wireless Airspace Defense platform offers a solution to this problem by passively analyzing wireless signals in an organization’s airspace in real-time, alerting to and locating unauthorized devices, rogue access points, and sophisticated wireless protocol attacks that bypass traditional security controls.
Visit Bastille Networks to learn more about its Enterprise or Government solutions for protecting against wireless threats, including Wi-Fi, Bluetooth, cellular, and IoT protocols.
