#BlackHat: Phones hijacked by malicious NFC tag

Powered by SC Magazine
 

Android, Nokia compromised.

View larger image View larger image View larger image

See all pictures here »

A malicious wireless  tag has been created that can crack an Android phone in seconds.

The tag exploits a vulnerability in near field communication (NFC), a wireless technology popular on Android phones that establishes communication between devices through physical contact.

Well-known Apple hacker and Accuvant researcher Charlie Miller wowed the crowed at Black Hat Las Vegas through a demo that involved infiltrating an Android phone by simply grazing it with a tag embedded with an NFC chip.

Black Hat 2012 coverage

Once the phone was tagged, the browser opened to a phony web page that gave Miller full access to the data on the device. 

The exploited Android vulnerability was already patched by Google, but  Miller also discovered a similar bug in Nokia N9 which runs on the MeeGo platform.

Miller told SC he decided to focus his latest research on the little researched NFC technology because exploiting it does not require user interaction.

"I'm always looking for something to pick on," he said.

Miller believes the lack of in the wild attacks against NFC may be because the technology still isn't prevalent.

"If you imagine a time when you're always paying with your phone, these [attacks] would be everywhere," he said. "Replacing NFC tags with malicious ones are totally realistic. It's the equivalent of ATM skimming."

There is a way to make the technology more secure, such as prompting a user to opt in to each exchange they make, but the solution would affect the convenience of NFC, Miller said.

"You would have to give up some of that convenience to make it more secure," he said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Change is the only constant at iiNet
iiNet's Matthew Toohey is trialling IBM's Watson - between preparing for an acquisition and making sure Netflix doesn't swamp the network.
 
Why straight-through processing is the holy grail for banks
Big benefits from stripping away human intervention and digitising processes.
 
CBA sued over frozen millions in IT bribery scandal
Eric Pulier's not-for profit lodges lawsuit in US.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
New features are coming to Outlook.com
May 27, 2015
Outlook.com, thanks to its predecessor Hotmail.com, is one of the world's major webmail services ...
Windows 10 to feature integrated apps for Android and iOS
May 27, 2015
Microsoft reveals multi-platform Cortana connectivity for Windows 10. What the heck is that, and ...
Microsoft launches Office for Android preview
May 22, 2015
Microsoft has launched a preview of Office for Android smartphones. Pre-release versions of ...
Microsoft is working on an iOS email chat feature called Flow
May 22, 2015
Microsoft is working on a new chat app, but at the moment we know more about what we DON'T know, ...
Windows 10 free upgrade: Microsoft details who gets what
May 22, 2015
Microsoft was meant to be streamlining its OS with Windows 10, so why is upgrading so confusing? ...
Latest Comments
Polls
Should Optus make a bid for iiNet?

   |   View results
Yes
  44%
 
No
  56%
TOTAL VOTES: 667

Vote