p2p mobile application

The researchers found that P2P mobile file transfer applications were vulnerable

Security researchers have found vulnerabilities in popular smartphone manufacturers’ direct file transfer applications that allow malicious files to be sent to mobile devices.

In a study of the peer-to-peer (P2P) file-sharing capabilities of Android phones made by Huawei, LG and Xiaomi, Doyensec application security engineer Lorenzo Stella discovered shared design flaws that make it easy for malicious applications to hijack transfer sessions.

Access the file sharing service
Previous research on WiFi Direct protocols has focused on network architecture, covering discovery and connectivity processes as well as various frame formats.

“Instead, we focused on what happened between the two devices, especially after creating a local P2P WiFi connection between the application layers, and analyzed the many custom Android ROM file transfer applications available from various vendors,” Stella told The Daily Swig.

Most OEMs use file transfer controllers or clients (FTCs) and file transfer servers (FTS) to establish WiFi connections between devices, manage sessions, and transfer files.

In the study, Stella found that once a P2P WiFi connection is established, its interface is available to every application with android.permission.INTERNET.

“As a result, local applications can interact with FTS and FTC services generated by file-sharing applications on local or remote device clients, opening the door to multiple attacks,” Stella wrote in a blog post detailing the vulnerabilities.

Hijack a file sharing session
Stella found that after creating a session on the LG phone’s P2P file sharing feature SmartShare Beam, sending files to the receiving port did not require authentication.

The service also uses hard-coded receive ports and generates its session ID from a small pool of random numbers. This makes it easy for a malicious app to hijack a file transfer session and send malicious files to the receiving device.

“When a P2P WiFi connection is established (for example, when a user wants to send a file), any other application running on the user’s device can use the P2P interface to interfere with the transfer,” Stella said.

“For LG SmartShare Beam, we found that end users do not need authorization to push files to remote or local devices.”

Mutual TLS with per-session certificates can prevent certain attacks

In a blog post, Stella also noted that an attacker could change the name of a sent file or send multiple files in a single transaction.

Huawei’s Share service does not have the same design flaws, but it has stability issues. Third-party applications can cause the FTS service to crash and then start their own malicious service to hijack file transfer sessions.

“Neither the device user nor the file recipient can detect the crash. Multiple crash vectors that use malformed requests were identified, which makes the service vulnerable and unavailable on the system,” Stella wrote.

Finally, Stella examined Xiaomi’s Mi Share feature, which is vulnerable to denial-of-service (DoS) attacks and has a small number of random sessions.

“The security design of these applications may benefit from several improvements to prevent malicious local applications,” Stella said.

Stella points out, for example, that adding mutual TLS with certificates for each session can help prevent some of the attacks described because certificates are generated and exchanged through BLE before the P2P network is created and are not renegotiated after the initial connection.

Applications must also avoid unencrypted and unauthenticated traffic.

“This still does not guarantee the stability of the service (i.e., if any DoS is found), but it is effective in preventing attacks by malicious applications that attempt to compromise the service,” he said.
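The property described above, a per-session secret agreed before the P2P network exists so that a local app holding only android.permission.INTERNET cannot push, rename or add files, is shown in the receiver-side check below. This is an added example, not code from Doyensec or any vendor: it substitutes an HMAC over the transfer manifest for mutual TLS, and the Receiver class, the manifest fields and the BLE key exchange are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def new_session_key() -> bytes:
    # Assumption: this key is exchanged over BLE before the P2P network exists.
    return secrets.token_bytes(32)


def sign_manifest(key: bytes, manifest: dict) -> bytes:
    # Canonical JSON so both sides compute the MAC over identical bytes.
    data = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).digest()


class Receiver:
    """Hypothetical receiving service bound to one session and one approved offer."""

    def __init__(self, key: bytes, approved: dict):
        self._key = key
        self._approved = approved  # the offer the user agreed to receive
        self._done = False

    def accept(self, manifest: dict, tag: bytes) -> bool:
        if not hmac.compare_digest(sign_manifest(self._key, manifest), tag):
            return False  # sender does not hold the session key, or data was altered
        if manifest != self._approved:
            return False  # renamed file or extra files in the transaction
        if self._done:
            return False  # replay of a transfer that already completed
        self._done = True
        return True


def demo() -> dict:
    key = new_session_key()
    # Constructed sample offer; the 128-bit session value replaces a small ID pool.
    offer = {"session": secrets.token_hex(16),
             "files": [{"name": "photo.jpg", "size": 48213}]}
    tag = sign_manifest(key, offer)
    renamed = {**offer, "files": [{"name": "update.apk", "size": 48213}]}
    rx = Receiver(key, offer)
    return {
        "no_key": rx.accept(offer, sign_manifest(new_session_key(), offer)),
        "renamed_reusing_tag": rx.accept(renamed, tag),
        "legitimate": rx.accept(offer, tag),
        "replay": rx.accept(offer, tag),
    }
```

As with the mutual TLS proposal, this authenticates the sender and the content of the transfer but does nothing for service stability if the listener can still be crashed.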

Fragmented landscape
P2P WiFi file transfers have been around for 10 years, but device manufacturers have yet to integrate their solutions and insist on using their proprietary applications, making it difficult to secure them.

“While core technologies have always existed, OEMs are still defending their P2P sharing style,” Stella wrote, adding that other mobile file transfer solutions may also be vulnerable to the attacks he found.