Researcher/hacker Charlie Miller works for security firm Accuvant and his research has been funded in part by DARPA. He spoke at last week’s Black Hat security conference regarding potential pitfalls of NFC technology.
- Miller learned “that he could simply flash a near-field-communications (NFC) tag containing a chip next to an Android Nexus S phone to load a malicious URL in the phone’s browser through a feature that Google calls Android Beam,” according to Forbes.
- NFC allows smartphone users to pay bills wirelessly and sync with nearby computers, among other things, but it could also be putting users in danger of viruses and/or data theft.
- “The whole idea of Android Beam is that if you both have Android phones, you can share a game you’re playing or a Web page or something on Maps,” explains Miller. “But the scary thing is that with just an NFC tag I can make your browser open a Web page and completely own your phone.”
- The vulnerabilities Miller showcased have been addressed in Android’s 4.01 version of its Android Beam, but up to 90 percent of users haven’t updated to that version, according to the article.
- Miller highlighted similar security risks with some Nokia and Android phones, focusing on what happens when certain applications run NFC-enabled software.
- “Once you realize NFC opens the gateway to the browser and other big attack surfaces, I thought, why waste time exploiting these NFC bugs,” he says. “As an attacker I wouldn’t look for NFC bugs but instead focus on other applications that you can get to run using NFC.”