x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • NFC flaw allows easy hacking of Android and Nokia phones

NFC flaw allows easy hacking of Android and Nokia phones

Posted: , by Michael H.

Tags:

NFC flaw allows easy hacking of Android and Nokia phones
All right, we should qualify this right out of the box: this flaw in NFC can allow pretty easy hacking of devices, but of course because of the way NFC works, the hacker needs to be really really really close to you in the first place, which does help to mitigate the security threat a bit. Still, Charlie Miller showed off a pretty easy hack at the Black Hat security conference using Samsung Android handsets and Nokia MeeGo handsets. 

Of course, as we said, the attacking device (either a standalone chip, or other NFC-enabled device) has to be just a few centimeters from the target device in order to use the NFC exploit. The hack works by beaming malicious code wirelessly to the target device, and once deployed the code will exploit a known vulnerability through files or webpages in a document reader or browser, or even in the operating system itself. So, essentially, the NFC exploit is really just an extremely easy delivery system for malicious code rather than a direct exploit of the systems. 

The exploit was shown on a Nexus S running Android 2.3 Gingerbread, and a Galaxy Nexus running Android 4.0 Ice Cream Sandwich. It's unclear how the new security features of Jelly Bean factor into this. The exploit was also shown on the Nokia N9. The basic problem is that once NFC interactions are enabled (default on with Android, but default off in MeeGo), all files are automatically accepted without any options by users to refuse files. Since files are automatically accepted, it makes it much easier to load malicious code on a target device, assuming you can get close enough to do so. 

source: Ars Technica

13 Comments
  • Options
    Close




posted on 25 Jul 2012, 13:20 5

1. Lucas777 (Posts: 2121; Member since: 06 Jan 2011)


hmm.. one seemingly easy solution would be to enforce user permission as an option… that way users would have to check the screen and agree to anything nfc-related. it would not be as ideally easy, but it would solve the all-access problem

posted on 25 Jul 2012, 13:26

3. cptbeatstix (Posts: 101; Member since: 19 Jul 2012)


Even then, you still only have a password guarded connection. Encryption would be awesome, but would limit the capabilities of NFC to where it would be pointless to have it. New tech is always going to have flaws.

posted on 25 Jul 2012, 13:25 1

2. cptbeatstix (Posts: 101; Member since: 19 Jul 2012)


This really isn't too major of an issue seeing that distance is the biggest issue. On top of that the NFC would have to be on and I'm willing to bet (for right now) most people won't even be using NFC for a while until more support for it comes later on.

posted on 26 Jul 2012, 01:12

11. nadar.bsm (Posts: 32; Member since: 13 Jul 2012)


u r right... most people dont use NFC... but majority of users dont even know what NFC is.. this is where problem arise... as they dont know what it is.. NFC is turned on(by default on Android) & can be accessed by hackers..... more users know about the TECH the tight the security of the device can be obtained......

posted on 25 Jul 2012, 13:50 3

4. tedkord (Posts: 3932; Member since: 17 Jun 2009)


Fortunately, I keep NFC disabled, just like S-voice.

posted on 25 Jul 2012, 15:37 3

5. Veigald (Posts: 223; Member since: 13 Jan 2012)


Some click-baiting headline... android and "Nokia" phones, when in fact it is one model only, which even has the functionality off as default. And Android is an OS, Nokia a manufacturer, so combining them makes no sense.

Please change this headline to "Android and MeeGo phones" and make better headlines in the future...

posted on 25 Jul 2012, 18:04 1

6. Dunknown (Posts: 80; Member since: 23 Jul 2012)


It is a bit dangerous once more and more people used NFC as a Credit or Debit Card. Hope Nokia could strengthen the security and introduce the NFC payments. This will attract those busy people. At the same time Nokia can venture through the hardship like what it has happen now.

posted on 25 Jul 2012, 18:24 1

7. ChafedBanana (Posts: 352; Member since: 20 Sep 2011)


So then keep NFC turned off.

posted on 25 Jul 2012, 19:53

8. Samsomesh (Posts: 180; Member since: 11 Jun 2012)


Yeah.. keep it off.!

posted on 25 Jul 2012, 21:22

9. Jimstar (Posts: 259; Member since: 24 Oct 2011)


1 of the 3 reasons I don't really care about NFC yet

posted on 25 Jul 2012, 21:41 1

10. moronman66 (Posts: 157; Member since: 09 Jan 2012)


This makes me think perhaps NFC isn't quite as good as I once thought it to be... Well, I'll keep my GNex's NFC turned off until I need to use Wallet then, excellent heads up!

posted on 26 Jul 2012, 07:25 1

12. khiko (Posts: 8; Member since: 07 Apr 2012)


hacking and malware? that's android. lol.. 1.. 2..3.. android fans? attack!

posted on 12 Feb 2013, 06:55

13. omegasoft (Posts: 1; Member since: 12 Feb 2013)


Hi everybody
I recently made an app for reset Cards plus more management tools for mifare cards. I tested it and it is working without error with all types of mifare cards. I suggest you to download and test it by google play.
you can find it by its name in your phone store. Its name in your phone store is: “NFC Ultra Ticket Resetter”
If you download the test project it is free.
Please let me know your comments
thanks

Want to comment? Please login or register.

Latest stories