NFC Phone Hacking and Other Mobile Attacks

One of the main tracks today at the Black Hat 2012 conference in Las Vegas is Mobile. The most compelling one to me was Don’t Stand So Close To Me: An Analysis Of The NFC Attack Surface by the famous Charlie Miller. The others raised important concerns, but only Miller’s made me cringe. His presentation included a demonstration of the use of a malicious NFC device which, simply when placed close enough to a user’s phone, resulted in a complete compromise of the phone, or what security people call “remote code execution.”

Dr. Miller, formerly of the NSA, is well-known in the security field as a top security researcher and probably the top researcher of Apple products. He has won many awards for impressive attacks on Macs and iPhones. He is currently a principal research consultant for Accuvant Labs.

The NFC Forum's N-Mark logo for NFC-enabled devices

The NFC Forum’s N-Mark logo for NFC-enabled devices.

NFC is designed for close wireless communications with the most famous application being wireless payments. It’s very similar to RFID in design, but devices can exchange much richer sets of data. NFC communications are very close-range. Miller said he heard of it can be made to work as far as 10 cm, but 4 cm was about where he found the outer range.

It turns out that, at least on Android, if your phone is on and awake, NFC is active. And if it’s asleep and locked, an attacker who knows the number can wake it up with an SMS message. Google addressed this some in Android 4 (Ice Cream Sandwich) by turning NFC off when the phone is locked. You have to first unlock it with the passcode. Miller did all his testing on Android and on a Nokia phone running Meego.  Read More


About Rant4u

A Revolution in Social Networking

Posted on July 25, 2012, in #technology and tagged , , , , , , . Bookmark the permalink. Leave a comment.


Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: