We all love the potential of NFC, I do and I know many others as well already using it for contactless payments and various other tasks. As always though their is risks and with Near Field Communication it is very much there in today’s Android Smartphones.
A researcher who appeared at the Black Hat security conference has said it’s NFC in devices running the Android and MeeGo were prime for attack quite easily.
Devices made by Samsung and Nokia with the Android and MeeGo OS’s were able to be compromised by Smartphone hacker Charlie Miller. He was able to take control and the hijacking worked by putting the phone a few centimetres away from a quarter sized chip, or also by touching it with another NFC phone. After connection is their to be made, code on the attackers chip or device is then beamed over onto the victims handset, this then can bring access to open malicious files, webpages that exploits vulnerabilities in a document reader or browser, or also sometimes the OS itself depending on the device getting attacked and how open it is security wise.
NFC is becoming big slowly in the US and here in the UK we are not far behind. We crave it and going into the era of a digital wallet undoubtedly brings risk to follow. With NFC we can have contacless payment, share data, control devices and perform pre made tasks via tags for example. For more information on what Near Field Communication is then head over to this page – NFC explained.
Now, the hacker, Charlie Miller, works at a security company called Accuvant and does this to help the industry and not for any harmful reasons. He showed at the Black Hat conference issues in NFC in 3 devices: Two Samsung devices, The Samsung Nexus S and the Galaxy Nexus, both Android. He also used a Nokia N9 running MeeGo.
Speaking to Ars Technica and at the Black Hat conference it becomes clear that Miller found it rather easy to exploit a NFC smartphone pretty easy.
Testing the Android devices found multiple bugs. Ranging from the most used OS with NFC, Gingerbread 2.3 and also 4.0 Ice Cream Sandwich. By simply using a designed tag to take control is all he needed, via an application called Daemon he was able to control NFC tasks and functions. Elaborating more, Miller, then spoke that with this kind of simple knowledge in tow, a designed tag could contain malicious code to execute on a victims device.
In Ice Cream Sandwich and possibly Jelly Bean, it was noted some of these bugs (Maybe all) could of been fixed, but then their is the feature Android Beam. This feature allowed Miller to force his way in and open a browser, visit sites he wanted and without getting permission from the other devices user at all. In the wrong hands, again deadly.
He goes on to say Android has know bugs all over that have remained unpatched and untouched for months and years even. From browser bugs, Beam and NFC, and using the WebKit engine he can exploit the user in similar manners.
Apparently Google didn’t comment.
Are you worried about Android and it’s known security flaws, couple this with NFC and it’s risks involved. Will you be looking to use NFC as a digital wallet and extensively, well maybe now you will think again.
Via: Ars Technica – Black Hat
