Android, Nokia phones exposed by NFC hack

The mobile world is becoming increasingly receptive to Near Field Communication technology, with research suggesting that making payments with smartphones will become as common as using cash or credit cards.

But as is so often the case when our phones enter new technological territory, security risks become apparent.

Accuvant Labs researcher Charlie Miller has revealed how easy it can be for hackers to exploit NFC devices in a demonstration at the Black Hat conference in Las Vegas. Using a Samsung Galaxy Beam running Android, Miller tapped another handset against the phone to begin a peer-to-peer NFC session, and sent code on the attacking device over the air so the Beam picked up malicious files that could exploit vulnerabilities in a document reader, browser, or the operating system itself.

A Nokia N9 running Linux-based MeeGo was then compromised by Miller, who exploited connections between another device’s NFC and the N9’s Bluetooth components to install malicious files into the Nokia phone.

Miller had heavily scrutinised NFC technology in advance of the demonstration and concluded that NFC phones are most at risk when in close proximity or when touched by attacking devices, though long distance hacks are unlikely.

His findings will represent a blow for the security teams behind Android and MeeGo (now Tizen), and engineers across the industry will be redoubling their efforts in assessing all the risks of running on NFC-enabled handsets.

Miller is well known for his security wisdom and hacking experiments. Having worked for Apple on its development programme, Miller was promptly dismissed by the company last year for posting a video showing how to inject malicious code into an iOS app.

Source: The Inquirer