Printed from http://www.electronista.com

Researcher finds NFC exploits in Android, Nokia smartphones

updated 07:40 am EDT, Thu July 26, 2012

Charlie Miller highlights security flaws in NFC devices

A software security researcher has used the 2012 Black Hat security conference to demonstrate NFC security vulnerabilities in both Android and Nokia smartphones, according to CNet. Security expert Charlie Miller showed how NFC tags can be used to direct users to a maliciously crafted websites without a user's consent. A hacker could, for example, replace an NFC tag embedded in a billboard ad designed to give a customer more information about a product to carry out the attack.

Previous NFC hacks have involved an attacker using a hidden NFC tag to 'skim' data from nearby NFC users who have left the function activated on their device. Miller showed how, when directed to a malicious website, he could download and install a virus to attack a security hole in the Android browser to read cookies and view the webpages visited by the unsuspecting user. Ultimately, Miller said the attack could allow the hacker to take control of a user's handset.

Miller said he that he could exploit an NFC vulnerability in Nokia's N9, MeeGo-powered handset. When NFC is enabled on the device, it will, by default, accept any NFC request without user permission. Miller was able to use the vulnerability to establish a Bluetooth connection, even if Bluetooth is switched off on the N9. This could allow a hacker to make phone calls, send text messages and even download data unbeknownst to the N9 owner.

Miller acknowledged that the threat could only be exploited if an attacker was able to get within a few centimeters of affected devices. Further, the vulnerability was closed off in Android 4.0, however it continues to affect users of Android 2.3 (Gingerbread). With over 60 percent of users still running that version of the OS, that leaves many millions of users vulnerable to NFC attacks. Miller passed his findings to both Google and Nokia, but they have not commented on the matter with him.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. Andrew Fox

    Fresh-Faced Recruit

    Joined: 07-26-12

    "With over 60 percent of users still running that version of the OS, that leaves many millions of users vulnerable to NFC attacks"

    Sensationalism at its finest. Hardly any phones even have NFC to begin with, and those that do are usually already on ICS or Jelly Bean so unaffected by the exploit.
    There's definitely not millions of users vulnerable.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

D-Link Wi-Fi Smart Plug

Home automation fans have been getting their fair share of gadgets and accessories in the last few years. Starting with light bulbs, a ...

Sponsor

toggle

Most Commented

 
toggle

Popular News