Printed from http://www.electronista.com

Researcher finds NFC exploits in Android, Nokia smartphones

updated 07:40 am EDT, Thu July 26, 2012

Charlie Miller highlights security flaws in NFC devices

A software security researcher has used the 2012 Black Hat security conference to demonstrate NFC security vulnerabilities in both Android and Nokia smartphones, according to CNet. Security expert Charlie Miller showed how NFC tags can be used to direct users to a maliciously crafted websites without a user's consent. A hacker could, for example, replace an NFC tag embedded in a billboard ad designed to give a customer more information about a product to carry out the attack.

Previous NFC hacks have involved an attacker using a hidden NFC tag to 'skim' data from nearby NFC users who have left the function activated on their device. Miller showed how, when directed to a malicious website, he could download and install a virus to attack a security hole in the Android browser to read cookies and view the webpages visited by the unsuspecting user. Ultimately, Miller said the attack could allow the hacker to take control of a user's handset.

Miller said he that he could exploit an NFC vulnerability in Nokia's N9, MeeGo-powered handset. When NFC is enabled on the device, it will, by default, accept any NFC request without user permission. Miller was able to use the vulnerability to establish a Bluetooth connection, even if Bluetooth is switched off on the N9. This could allow a hacker to make phone calls, send text messages and even download data unbeknownst to the N9 owner.

Miller acknowledged that the threat could only be exploited if an attacker was able to get within a few centimeters of affected devices. Further, the vulnerability was closed off in Android 4.0, however it continues to affect users of Android 2.3 (Gingerbread). With over 60 percent of users still running that version of the OS, that leaves many millions of users vulnerable to NFC attacks. Miller passed his findings to both Google and Nokia, but they have not commented on the matter with him.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. Andrew Fox

    Fresh-Faced Recruit

    Joined: 07-26-12

    "With over 60 percent of users still running that version of the OS, that leaves many millions of users vulnerable to NFC attacks"

    Sensationalism at its finest. Hardly any phones even have NFC to begin with, and those that do are usually already on ICS or Jelly Bean so unaffected by the exploit.
    There's definitely not millions of users vulnerable.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Sound Blaster Roar Bluetooth speaker

There could very well be a new king of the hill for Bluetooth speakers, with Sound Blaster's recent entry into the marketplace. Bringi ...

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this y ...

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround-sound home theater options, users hav ...

Sponsor

toggle

Most Commented

 
toggle

Popular News