Nokia and Samsung devices hacked due to NFC flaw

Nokia and Samsung devices hacked due to NFC flaw
During the Black Hat security conference this week, both Nokia and Samsung devices were hacked due to an NFC vulnerability.

NFC, which is still in its infancy, is now becoming a standard on new smartphones and analysts expect NFC to be used in $180 billion worth of consumer purchases by 2017.



Charlie Miller, a principal research consultant at security firm Accuvant, hacked a Samsung Nexus S, a Galaxy Nexus and a Nokia N9: "It turns out that through NFC, using technology like Android Beam or NDEF [NFC Data Exchange Format] content sharing, one can make some phones parse images, videos, contacts, office documents, even open up Web pages in the browser, all without user interaction."

NFC-based mobile systems have been slow to adoption, with the number one reason usually being security.

Most companies offer at least one NFC-enabled phone, and the big hitter, Apple, is expected to add the functionality with their upcoming iPhone 5 in October.

In his demonstration, Miller used NFC to send someone else's phone to a malicious website: "If I walk up to your phone and touch it, or I just get near it, your Web browser, without you doing anything, will open up and go to a page that I tell it to."

Additionally, a concealed NFC tag placed on a payment terminal or other legitimate NFC-enabled device can be used to take control of the device, as long as they are unlocked.

These issues will certainly need to be resolved before NFC can become mainstream.

Written by: Andre Yoskowitz @ 27 Jul 2012 19:34
Tags
Samsung Nokia hacking NFC black hat
Advertisement - News comments available below the ad
  • 2 comments

  • 21Q

    Even though it is WIDELY used in Japan.

    Check out my "PS2 Slim Internal HDD" Its a slim ps2 with an internal hdd! Here
    Also Check Out My "Pc In An Xbox" Mod. Theres a whole Pc inside of it! Here

    27.7.2012 22:43 #1

  • xtago

    LoL, that's what Sbeam is meant to do.

    It's for sending stuff between samsung devices, you also have android beam but it's more for small files and images and contacts type stuff.

    Where as Sbeam which is what this guy is using allows you to send multi gig files pics contacts games files etc.

    So it's not a hack just getting sbeam to do stuff you wouldn't expect it to allow but does anyway it displays a warning that you can do what this guy did when you turn it out everytime.

    But iof you don't have NFC turned on or don't have the NFC battery if your device uses that for NFC well this "hack" doesn't work what so ever.

    Also Australia has NFC at all Eftpos machines now and starting to get a trickle of NFC credit cards coming through now, 1 bank has an app which can use NFC to pay for stuff via your phone at the eftpos machines.

    Here NFC eftpos machines have been around for just over a year but you couldn't really use them as you wouldn't have had a credit card or apps to make use of it.

    Google wallet works here as well but you need to root your phone as Google only allow it for the USA so you need to hack google wallet to fool it into working.

    28.7.2012 20:51 #2

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud