updated 07:40 am EDT, Thu July 26, 2012
Charlie Miller highlights security flaws in NFC devices
A software security researcher has used the 2012 Black Hat security conference to demonstrate NFC security vulnerabilities in both Android and Nokia smartphones, according to CNet. Security expert Charlie Miller showed how NFC tags can be used to direct users to maliciously crafted websites without their consent. To carry out the attack, a hacker could, for example, replace an NFC tag embedded in a billboard ad that was designed to give a customer more information about a product.
Previous NFC hacks have involved an attacker using a hidden NFC tag to 'skim' data from nearby NFC users who have left the function activated on their device. Miller showed how, when a user is directed to a malicious website, he could download and install a virus that attacks a security hole in the Android browser, allowing him to read cookies and view the webpages visited by the unsuspecting user. Ultimately, Miller said the attack could allow the hacker to take control of a user's handset.
Miller said that he could exploit an NFC vulnerability in Nokia's MeeGo-powered N9 handset. When NFC is enabled on the device, it will, by default, accept any NFC request without user permission. Miller was able to use the vulnerability to establish a Bluetooth connection, even if Bluetooth is switched off on the N9. This could allow a hacker to make phone calls, send text messages and even download data unbeknownst to the N9 owner.
Miller acknowledged that the threat could only be exploited if an attacker was able to get within a few centimeters of affected devices. Further, the vulnerability was closed off in Android 4.0; however, it continues to affect users of Android 2.3 (Gingerbread). With over 60 percent of users still running that version of the OS, that leaves many millions of users vulnerable to NFC attacks. Miller passed his findings to both Google and Nokia, but they have not commented on the matter with him.