NFC flaw allows easy hacking of Android and Nokia phones

NFC flaw allows easy hacking of Android and Nokia phones
All right, we should qualify this right out of the box: this flaw in NFC can allow pretty easy hacking of devices, but of course because of the way NFC works, the hacker needs to be really really really close to you in the first place, which does help to mitigate the security threat a bit. Still, Charlie Miller showed off a pretty easy hack at the Black Hat security conference using Samsung Android handsets and Nokia MeeGo handsets. 

Of course, as we said, the attacking device (either a standalone chip, or other NFC-enabled device) has to be just a few centimeters from the target device in order to use the NFC exploit. The hack works by beaming malicious code wirelessly to the target device, and once deployed the code will exploit a known vulnerability through files or webpages in a document reader or browser, or even in the operating system itself. So, essentially, the NFC exploit is really just an extremely easy delivery system for malicious code rather than a direct exploit of the systems. 

The exploit was shown on a Nexus S running Android 2.3 Gingerbread, and a Galaxy Nexus running Android 4.0 Ice Cream Sandwich. It's unclear how the new security features of Jelly Bean factor into this. The exploit was also shown on the Nokia N9. The basic problem is that once NFC interactions are enabled (default on with Android, but default off in MeeGo), all files are automatically accepted without any options by users to refuse files. Since files are automatically accepted, it makes it much easier to load malicious code on a target device, assuming you can get close enough to do so. 

source: Ars Technica

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless