more NFC hacks

somdfunguy

somdfunguy

not impressed
https://threatpost.com/en_us/blogs/charlie-miller-takes-nfc-charlie-miller-wins-072512


The attacks that Miller developed rely on the NFC (near-field communication) short-range wireless communication protocol that is used for mobile payments, file transfers and other transactions. The range of the NFC chips, which are in some phone models such as the Nexus S and Nokia N9 now and will be in many more in the near future, is quite small, a few centimeters. Miller, best-known for his research on iOS, used funds from the DARPA Cyber Fast Track program to look at the security properties of NFC as it's implemented in current phones and devices. What he found was that he could place a simple NFC tag next to a Nexus S and force the phone's browser to open an arbitrary Web site.
Click to expand...


Researcher wows Black Hat with NFC-based smartphone hacking demo - Computerworld
I can read all the files, said Miller about how he managed to break into the Nokia 9 when his home-made NFC-based device is in very close proximity to the targeted smartphone. I can make phone calls, too. Vulnerabilities he identified in the Android-powered Nexus S were located in the browser surface, he said. NFC works at near-contact range, and it could not be used to attack from any distance
Click to expand...

Android, Nokia smartphone security toppled by Near Field Communication hack | Ars Technica
Insecure by default

The Nexus S—when running the Gingerbread (2.3), by far the most dominant Android installation—contains multiple memory-corruption bugs. They allow Miller—using nothing more than a specially designed tag—to take control of the application "daemon" that controls NFC functions. With additional work, he said the tag could be modified to execute malicious code on the device. Some, but possibly not all of those bugs were fixed in the Ice Cream Sandwich (4.0) version of Android, so the attacks may also work against that release and Jelly Bean (4.1) as well
Click to expand...
 
Last edited:
ylexot

ylexot

Super Genius
Yes, the tag has to be very close to the phone and the screen has to be on. Really not something to be too worried about. It's not like anyone can hijack your phone while it is in your pocket.
 
You must log in or register to reply here.
Top