AAPL Stock: 117.81 ( -0.22 )

Printed from

Researcher finds NFC exploits in Android, Nokia smartphones

updated 07:40 am EDT, Thu July 26, 2012

Charlie Miller highlights security flaws in NFC devices

A software security researcher has used the 2012 Black Hat security conference to demonstrate NFC security vulnerabilities in both Android and Nokia smartphones, according to CNet. Security expert Charlie Miller showed how NFC tags can be used to direct users to a maliciously crafted websites without a user's consent. A hacker could, for example, replace an NFC tag embedded in a billboard ad designed to give a customer more information about a product to carry out the attack.

Previous NFC hacks have involved an attacker using a hidden NFC tag to 'skim' data from nearby NFC users who have left the function activated on their device. Miller showed how, when directed to a malicious website, he could download and install a virus to attack a security hole in the Android browser to read cookies and view the webpages visited by the unsuspecting user. Ultimately, Miller said the attack could allow the hacker to take control of a user's handset.

Miller said he that he could exploit an NFC vulnerability in Nokia's N9, MeeGo-powered handset. When NFC is enabled on the device, it will, by default, accept any NFC request without user permission. Miller was able to use the vulnerability to establish a Bluetooth connection, even if Bluetooth is switched off on the N9. This could allow a hacker to make phone calls, send text messages and even download data unbeknownst to the N9 owner.

Miller acknowledged that the threat could only be exploited if an attacker was able to get within a few centimeters of affected devices. Further, the vulnerability was closed off in Android 4.0, however it continues to affect users of Android 2.3 (Gingerbread). With over 60 percent of users still running that version of the OS, that leaves many millions of users vulnerable to NFC attacks. Miller passed his findings to both Google and Nokia, but they have not commented on the matter with him.

by MacNN Staff



  1. Andrew Fox

    Fresh-Faced Recruit

    Joined: 07-26-12

    "With over 60 percent of users still running that version of the OS, that leaves many millions of users vulnerable to NFC attacks"

    Sensationalism at its finest. Hardly any phones even have NFC to begin with, and those that do are usually already on ICS or Jelly Bean so unaffected by the exploit.
    There's definitely not millions of users vulnerable.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented