Nokia and Samsung devices hacked due to NFC flaw

Andre Yoskowitz
27 Jul 2012 19:34

During the Black Hat security conference this week, both Nokia and Samsung devices were hacked due to an NFC vulnerability.
NFC, which is still in its infancy, is now becoming a standard on new smartphones and analysts expect NFC to be used in $180 billion worth of consumer purchases by 2017.

Charlie Miller, a principal research consultant at security firm Accuvant, hacked a Samsung Nexus S, a Galaxy Nexus and a Nokia N9: "It turns out that through NFC, using technology like Android Beam or NDEF [NFC Data Exchange Format] content sharing, one can make some phones parse images, videos, contacts, office documents, even open up Web pages in the browser, all without user interaction."
NFC-based mobile systems have been slow to adoption, with the number one reason usually being security.

Most companies offer at least one NFC-enabled phone, and the big hitter, Apple, is expected to add the functionality with their upcoming iPhone 5 in October.

In his demonstration, Miller used NFC to send someone else's phone to a malicious website: "If I walk up to your phone and touch it, or I just get near it, your Web browser, without you doing anything, will open up and go to a page that I tell it to."

Additionally, a concealed NFC tag placed on a payment terminal or other legitimate NFC-enabled device can be used to take control of the device, as long as they are unlocked.

These issues will certainly need to be resolved before NFC can become mainstream.

More from us
Tags
Samsung Nokia hacking NFC black hat
We use cookies to improve our service.