Protocol Prying: Vulnerability Research in AirDrop and Quick Share

Original link: https://arxiv.org/abs/2606.26967

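This research paper presents the first comprehensive security analysis of the proprietary Apple AirDrop and Android Quick Share file-transfer protocols. These services run on more than five billion devices worldwide and both support zero-click access, so they constitute a significant attack surface.

The authors conducted an extensive cross-platform study, reverse engineering AirDrop's complex seven-layer state machine and developing a protocol-aware fuzzer named "AIRFUZZ" that mutates data before compression. The investigation found six critical vulnerabilities (V1–V6) across the implementations:

* **Apple AirDrop:** three pre-authentication flaws, including denial-of-service (DoS) and memory corruption issues.
* **Samsung Quick Share:** two protocol-layer flaws, including an encryption bypass vulnerability.
* **Google Quick Share (Windows):** one heap use-after-free vulnerability.

The researchers responsibly disclosed these findings to the vendors. Apple, Samsung, and Google have all acknowledged the reports, and Google also awarded a bounty for the vulnerability found in its Windows implementation. This work highlights the urgent need for security scrutiny of undocumented, highly privileged proximity communication protocols.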

Original text

[Submitted on 25 Jun 2026]

Protocol Prying: Systematic Vulnerability Research in the Apple AirDrop and Android Quick Share Proximity Transfer Protocols, by Arash Ale Ebrahim and 1 other author

Abstract: Apple AirDrop and Google/Samsung Quick Share are proximity file-transfer protocols used by over five billion devices, yet their application-layer security properties remain largely unstudied because both stacks are proprietary and undocumented. Both protocols are reachable from wireless proximity without any prior pairing and process complex serialized content (binary plists, CPIO archives, Protocol Buffers, UKEY2 handshakes) inside privileged daemons, making them attractive zero-click targets across multiple operating systems. We perform the first cross-platform reverse engineering and protocol-aware fuzzing study of both stacks. We reconstruct AirDrop's seven-layer state machine and DVZip adaptive compression from binary analysis, build AIRFUZZ, a protocol-aware fuzzer that mutates pre-compression representations, and complement it with targeted hand-written analyses of Samsung's Quick Share service and Google's Quick Share for Windows. We discover six vulnerabilities (V1-V6): three pre-authentication issues in macOS/iOS AirDrop (V1: Swift fatalError DoS in the HTTP path router; V2: unbounded XML plist recursion in Foundation; V3: NULL dereference in this http URL's HTTP/1.1 parser), two protocol-layer flaws in Samsung Quick Share (V4: pre-authentication OfflineFrame dispatch; V5: D2D encryption bypass for three frame types), and a heap use-after-free in Google Quick Share for Windows (V6) for which Google awarded a bounty. We responsibly disclosed all findings, and Apple, Samsung, and Google have acknowledged the reports.
From: Arash Ale Ebrahim
[v1] Thu, 25 Jun 2026 12:40:13 UTC (2,523 KB)