Hasty Briefsbeta

Bilingual

Protocol Prying: Vulnerability Research in AirDrop and Quick Share

6 hours ago
  • #Proximity Transfer Protocols
  • #Reverse Engineering
  • #Vulnerability Research
  • First systematic security study of Apple AirDrop and Google/Samsung Quick Share proximity file-transfer protocols, used by over 5 billion devices.
  • Reverse-engineered AirDrop's seven-layer state machine and DVZip compression, and built AIRFUZZ for protocol-aware fuzzing.
  • Discovered six vulnerabilities: three in AirDrop (e.g., Swift DoS, XML recursion), two in Samsung Quick Share (e.g., encryption bypass), and one in Google Quick Share for Windows (heap use-after-free).
  • Responsible disclosure led to acknowledgments from Apple, Samsung, and Google, with a bounty awarded for one vulnerability.