toggle

AAPL Stock: 121.3 ( -1.07 )

Printed from http://www.macnn.com

Researcher finds NFC exploits in Android, Nokia smartphones

updated 07:40 am EDT, Thu July 26, 2012

Charlie Miller highlights security flaws in NFC devices

A software security researcher has used the 2012 Black Hat security conference to demonstrate NFC security vulnerabilities in both Android and Nokia smartphones, according to CNet. Security expert Charlie Miller showed how NFC tags can be used to direct users to a maliciously crafted websites without a user's consent. A hacker could, for example, replace an NFC tag embedded in a billboard ad designed to give a customer more information about a product to carry out the attack.

Previous NFC hacks have involved an attacker using a hidden NFC tag to 'skim' data from nearby NFC users who have left the function activated on their device. Miller showed how, when directed to a malicious website, he could download and install a virus to attack a security hole in the Android browser to read cookies and view the webpages visited by the unsuspecting user. Ultimately, Miller said the attack could allow the hacker to take control of a user's handset.

Miller said he that he could exploit an NFC vulnerability in Nokia's N9, MeeGo-powered handset. When NFC is enabled on the device, it will, by default, accept any NFC request without user permission. Miller was able to use the vulnerability to establish a Bluetooth connection, even if Bluetooth is switched off on the N9. This could allow a hacker to make phone calls, send text messages and even download data unbeknownst to the N9 owner.

Miller acknowledged that the threat could only be exploited if an attacker was able to get within a few centimeters of affected devices. Further, the vulnerability was closed off in Android 4.0, however it continues to affect users of Android 2.3 (Gingerbread). With over 60 percent of users still running that version of the OS, that leaves many millions of users vulnerable to NFC attacks. Miller passed his findings to both Google and Nokia, but they have not commented on the matter with him.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. Andrew Fox

    Fresh-Faced Recruit

    Joined: 07-26-12

    "With over 60 percent of users still running that version of the OS, that leaves many millions of users vulnerable to NFC attacks"

    Sensationalism at its finest. Hardly any phones even have NFC to begin with, and those that do are usually already on ICS or Jelly Bean so unaffected by the exploit.
    There's definitely not millions of users vulnerable.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

HP 14-x030nr 14-inch Chromebook

If you're like us, chances are you've come to realize that you need the ability to access the Internet on the go. Also, you've prob ...

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

toggle

Most Commented