NFC Phone Hacking and Other Mobile Attacks
One of the main tracks today at the Black Hat 2012 conference in Las Vegas is Mobile. The most compelling talk to me was “Don’t Stand So Close To Me: An Analysis Of The NFC Attack Surface” by the famous Charlie Miller. The others raised important concerns, but only Miller’s made me cringe. His presentation included a demonstration of a malicious NFC device which, simply by being placed close enough to a user’s phone, resulted in a complete compromise of the phone, or what security people call “remote code execution.”
Dr. Miller, formerly of the NSA, is well-known in the security field as a top security researcher and probably the top researcher of Apple products. He has won many awards for impressive attacks on Macs and iPhones. He is currently a principal research consultant for Accuvant Labs.
NFC is designed for close-range wireless communication, the most famous application being wireless payments. It’s very similar to RFID in design, but devices can exchange much richer sets of data. NFC communications are very close-range. Miller said he had heard that it can be made to work as far as 10 cm, but 4 cm was about where he found the outer range.
It turns out that, at least on Android, if your phone is on and awake, NFC is active. And if it’s asleep and locked, an attacker who knows the number can wake it up with an SMS message. Google partly addressed this in Android 4 (Ice Cream Sandwich) by turning NFC off when the phone is locked. You have to first unlock it with the passcode. Miller did all his testing on Android and on a Nokia phone running MeeGo.