Google Quick Share Exposes 10 Vulnerabilities

Quick Share from Google is a multifunctional utility for data exchange between devices based on Android, Windows, and Chrome OS. It uses a wide range of communication protocols, including Bluetooth, Wi-Fi, Wi-Fi Direct, WebRTC, and NFC, providing fast and convenient transfer of files between compatible devices located in the immediate vicinity.

Initially, Google developed Nearby Share as an analogue of Apple AirDrop. In July 2023, the company launched a version for Windows, expanding the possibilities for cross-platform exchange. In January 2024, Google announced the merger of Nearby Share with Samsung Quick Share, creating a single solution called Quick Share for Android users. Google also collaborates with manufacturers such as LG to ship the new version of Quick Share as a pre-installed application on Windows PCs.

Despite the apparent simplicity of transferring files between devices, implementing such a system is a complex technical task. This is Google's first attempt to develop its own Windows application that supports many communication protocols, with functionality that goes beyond the company's main competence in web services, so questions arise about potential vulnerabilities in the Windows version.

In recent research presented at the DEF CON 32 conference in 2024, experts revealed 10 unique vulnerabilities in the Windows version of Quick Share. These vulnerabilities allow attackers to carry out remote code execution (RCE) on devices, which can pose a serious threat to users. Most of the Quick Share code for Windows is publicly available, which makes the application potentially vulnerable to attacks. It is therefore important to take measures to protect data, especially if the application is preinstalled on new PCs.

Google and Samsung have already begun work on eliminating the identified vulnerabilities and have called on all device manufacturers and software developers to take part in protecting user data.
