Android NFC walk-by vulnerabilities demonstrated

by Mark Tyson on 26 July 2012, 10:16

Tags: Google (NASDAQ:GOOG), Nokia (NYSE:NOK)

Computer security experts were gathered in Las Vegas yesterday at the Black Hat USA 2012 Hacking Conference. In a presentation by Charlie Miller of Accuvant Labs an NFC exploit, capable of executing without user interaction, was disclosed. “This is sort of frightening,” Miller said. “I can get shell and all I did was get near the phone.”

NFC and Android Beam leave you open by default

Miller said “NFC opens a new wave of server-side attacks, without user interaction.” The security researcher used three smartphones to show the vulnerabilities in NFC: the Nexus S (Gingerbread), the Galaxy Nexus (ICS) and the Nokia N9 (MeeGo). Both Android phones ship with NFC enabled, and the attack uses NFC to make the handset open its browser on an attacker-chosen page, where a browser vulnerability does the rest. The Nokia N9 doesn’t have NFC turned on by default, but once it is switched on the phone can be compromised through flaws in its PowerPoint and PDF viewer apps.

[Image: NFC-enabled SIM card]

The NFC hack works like this: a postage stamp sized tag (or another NFC-enabled phone prepared by the attacker) is concealed somewhere a phone will pass close to, such as a payment desk at a restaurant. When someone with an NFC smartphone walks by, the phone reads the tag automatically and opens the attacker's page without asking, and the browser exploit can then take over the handset. Android Beam, the NFC-based sharing feature introduced in Android ICS, has the same weakness: using Beam, Miller showed he could force a nearby handset's browser to open and visit any website of his choosing.
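To make the "no user interaction" step concrete, here is an added example (not code from the article or from Miller's talk) that builds and parses the NFC Forum NDEF URI record a tag, or an Android Beam push, hands to the phone. Android's tag dispatch routes a URI record straight to the browser, which is all a walk-by tag needs to do; the browser bug that follows is a separate stage and is not modelled. The host name `attacker.example` is a constructed placeholder, and only the URI prefix codes used here are listed.

```python
"""
Added example: encode and decode the NDEF "U" (URI) record that a walk-by
NFC tag carries. Not code from the article or the Black Hat talk.
"""
import struct

# NFC Forum URI Record Type Definition: payload byte 0 is an abbreviation code
# that the reader expands before using the URI. Subset of the table; 0x00 = none.
URI_PREFIXES = {
    0x00: "",
    0x01: "http://www.",
    0x02: "https://www.",
    0x03: "http://",
    0x04: "https://",
    0x05: "tel:",
    0x06: "mailto:",
}

TNF_WELL_KNOWN = 0x01                    # Type Name Format: NFC Forum well-known type
FLAG_MB, FLAG_ME, FLAG_SR = 0x80, 0x40, 0x10   # Message Begin, Message End, Short Record


def encode_uri_record(uri: str) -> bytes:
    """Return a one-record NDEF message (MB and ME set) of type 'U' for `uri`."""
    code, rest = 0x00, uri
    # Use the longest matching prefix so the record stays as small as possible.
    for c, prefix in sorted(URI_PREFIXES.items(), key=lambda kv: -len(kv[1])):
        if prefix and uri.startswith(prefix):
            code, rest = c, uri[len(prefix):]
            break
    payload = bytes([code]) + rest.encode("utf-8")
    if len(payload) > 255:
        raise ValueError("short-record form only carries payloads <= 255 bytes")
    header = FLAG_MB | FLAG_ME | FLAG_SR | TNF_WELL_KNOWN   # 0xD1
    return bytes([header, 1, len(payload)]) + b"U" + payload


def parse_ndef(message: bytes) -> list:
    """Parse an NDEF message into (tnf, type, payload) tuples, stopping at ME."""
    records, i = [], 0
    while i < len(message):
        header = message[i]
        tnf = header & 0x07
        short = bool(header & FLAG_SR)
        has_id = bool(header & 0x08)
        type_len = message[i + 1]
        if short:
            payload_len = message[i + 2]
            i += 3
        else:
            payload_len = struct.unpack(">I", message[i + 2:i + 6])[0]
            i += 6
        id_len = 0
        if has_id:
            id_len = message[i]
            i += 1
        rtype = message[i:i + type_len]
        i += type_len
        i += id_len                       # record ID is not needed here
        payload = message[i:i + payload_len]
        i += payload_len
        records.append((tnf, rtype, payload))
        if header & FLAG_ME:
            break
    return records


def dispatch_target(message: bytes):
    """URL a tag reader would hand to the browser for the first URI record, else None."""
    for tnf, rtype, payload in parse_ndef(message):
        if tnf == TNF_WELL_KNOWN and rtype == b"U" and payload:
            prefix = URI_PREFIXES.get(payload[0])
            if prefix is None:
                return None               # reserved or unknown code: do not expand
            return prefix + payload[1:].decode("utf-8")
    return None


if __name__ == "__main__":
    # Constructed sample: a tag pointing at a hypothetical attacker-controlled host.
    tag = encode_uri_record("http://attacker.example/landing")
    print(len(tag), "bytes on the tag:", tag.hex())
    print("phone would open:", dispatch_target(tag))
```

The whole record for that URL is 29 bytes, which is why a sticker-sized tag is enough; the defensive point is that nothing in the record itself distinguishes a restaurant menu link from an exploit page, so the only client-side controls are to keep NFC off when unused or to require a tap-to-confirm before the browser is launched.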

Android browser holes, most people can't get security updates

As well as the NFC route to taking over your phone, several other security problems of Android phones were discussed. The stock Android browser in Android 4.0.1 and earlier carries a flaw that the Google Chrome team disclosed publicly and then fixed in Chrome, a piece of software that is updated often; the stock browser only changes when the OS does. Since many Android users are stuck on old versions of the OS, they will never get fixes or patches. BeyondTrust CTO Marc Maiffret says “Google has added some great security features, but nobody has them”, which sums up the Android update problem very succinctly.

Bouncer gets bypassed

Another security firm, Trustwave, showed that Google’s much heralded “Bouncer” technology, meant to identify and remove malicious software from Google Play, could simply be evaded. After uploading a benign app that passed review, the researchers added malicious behaviour to it remotely through a JavaScript bridge, the mechanism that lets JavaScript loaded into an app's embedded WebView call the app's own native code, so the new functionality never passed through a Google Play update. The same JavaScript bridge is used by the Facebook and LinkedIn apps for legitimate purposes.

Responses of Google and Nokia

In response to an Ars Technica article about these NFC shenanigans, Nokia said “Nokia takes product security issues seriously. Nokia is aware of the NFC-research done by Charlie Miller and are actively investigating the claims concerning Nokia N9.” Google representatives have not yet commented.

HEXUS Forums :: 2 Comments

I'm not sure how serious this is - given that (Android Beam aside) there's not much use at the moment for NFC on Android. And given that AB came in with ICS and most systems seem to have been moved on from 4.0.1, is this a big deal? (e.g. my S3 is on 4.0.4 at the moment).

So if you're not planning to use it, I guess the best (and very obvious!) advice is to turn NFC off.

The bridge bypass though, DOES sound like a big deal (to me), so fingers crossed that Google devs are taking it seriously and doing something about it.

I'm not surprised; I always thought the NFC feature was a potential weak spot. As crossy said, the best thing to do would be to turn it off.