Thursday, 7 January 2021

Hijacking file-sharing sessions

 Stella found that after creating a session on SmartShare Beam, the P2P file-sharing feature of LG phones, sending files to the receiving port requires no authentication. The service also uses a hard-coded receiving port and generates its session IDs from a very small pool of random numbers. This makes it easy for a malicious app to hijack the file transfer session and send a malicious file to the receiving device.

“After a P2P WiFi connection is established (for example, when a user wants to send a file) any other application running on the user’s device is able to use the P2P interface to interfere with the transfer,” Stella said. For LG SmartShare Beam we found that no authorization from the end user was required to push a file to the remote or local device.”In the blog post, Stella also notes that an attacker can change the name of the sent file or send multiple files in a single transaction.

Huawei’s ‘Share’ service didn’t have the same design flaws but suffered from stability issues. A third-party app can cause the FTS service to crash and launch its own malicious service to hijack file transfer sessions. The crashes are undetectable both to the device’s user and to the file recipient. Multiple crash vectors using malformed requests were identified, making the service systemically weak and exploitable,” Stella writes. Finally, Stella examined what do computer engineers do ‘Mi Share’ feature, which was prone to denial-of-service (DoS) attacks and had weak randomized session numbers.

No comments:

Post a Comment

Why it's the ideal opportunity for telecoms to zero in on clients

 Brought together computerized stages can help telecoms players incorporate siloed frameworks, robotize basic administrations and improve cl...