#BlackHat: Phones hijacked by malicious NFC tag

Powered by SC Magazine
 

Android, Nokia compromised.

View larger image View larger image View larger image

See all pictures here »

A malicious wireless  tag has been created that can crack an Android phone in seconds.

The tag exploits a vulnerability in near field communication (NFC), a wireless technology popular on Android phones that establishes communication between devices through physical contact.

Well-known Apple hacker and Accuvant researcher Charlie Miller wowed the crowed at Black Hat Las Vegas through a demo that involved infiltrating an Android phone by simply grazing it with a tag embedded with an NFC chip.

Black Hat 2012 coverage

Once the phone was tagged, the browser opened to a phony web page that gave Miller full access to the data on the device. 

The exploited Android vulnerability was already patched by Google, but  Miller also discovered a similar bug in Nokia N9 which runs on the MeeGo platform.

Miller told SC he decided to focus his latest research on the little researched NFC technology because exploiting it does not require user interaction.

"I'm always looking for something to pick on," he said.

Miller believes the lack of in the wild attacks against NFC may be because the technology still isn't prevalent.

"If you imagine a time when you're always paying with your phone, these [attacks] would be everywhere," he said. "Replacing NFC tags with malicious ones are totally realistic. It's the equivalent of ATM skimming."

There is a way to make the technology more secure, such as prompting a user to opt in to each exchange they make, but the solution would affect the convenience of NFC, Miller said.

"You would have to give up some of that convenience to make it more secure," he said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Carpet cleaner faces court over online testimonials
Jul 4, 2014
The ACCC has initiated proceedings against A Whistle (1979) Pty Ltd, the franchisor of Electrodry...
You can now get 15GB of free online storage using Microsoft OneDrive
Jun 25, 2014
Cloud storage has reached both the capacity and price where it's a viable alternative to local ...
Another clever trick you can perform with Xero
Jun 25, 2014
Here is another way to reach out to particular subsets of your customers using Xero.
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1094

Vote