Defects in Wi-Fi fast transfer verification of Jinshan kubernetes for Android
Bugs in the process, non-technical issues, non-trivial flow, not awesome.
Kingsoft kubernetes comes with the wifi fast transfer function. When this function is enabled, port 1080 is opened on the mobile phone. You can access port 1080 in a pc browser in the same LAN and a webpage is obtained. at this time, the pc has established a connection with the mobile phone. You can use this webpage to transfer files to your mobile phone.
Figure 1
The problem is that there is no verification or prompt on the mobile phone. There is only one ip address limit, that is, when a computer is connected to a mobile phone, other computers are no longer allowed to be connected.
More seriously, you only need to enable this function so that the Intranet pc can be connected to the mobile phone:
1. You do not need to click the "Accept file" button on your mobile phone to transfer files to your mobile phone.
2. As long as you do not exit, for example, if you enable this function, you receive a call or press the home Key. Your mobile phone is always open to the Intranet.
In the wifi status, open Kingsoft disk -- set -- wifi fast transmission ,.
Figure 2.
OK. In this case, do not perform any operations. Enter http: // ip address of your mobile phone: 1080/in your pc browser /. For example, 1. you can transmit any file to your mobile phone without prompt, inquiry, or verification code, you don't even need to click the "receive file" button in Figure 2 to receive any file.
Attack Scenario Simulation:
Hackers control a PC in the Intranet, determine an Android mobile phone of the target employee by means of banner, and detect port 1080 in real time. Finally, port 1080 is opened at a certain time, and the program sends an http get request to the port within 0.1 seconds, so that the port can be held and other PCs cannot be connected. The hacker also promptly reported that he had called the phone and said something casually or simply harassed the phone. The purpose was to make the call page cover the Wi-Fi quick transfer page, in this way, the mobile phone owner does not exit Wi-Fi or mistakenly press the home key, which will give hackers more time. Hackers can write html, apk, and other harmful files to their mobile phones and run them with an induced name. If there are files in the sending list, hackers can also obtain these files.
Solution:
Enhanced verification