Some of us use our smartphones for almost everything. Manufacturers know this, so they try to make their devices as convenient as possible to use, but sometimes that convenience comes with a cost to security. The very same technology that allows you to easily share music with friends and make purchases can also put you at risk.
Photo by sam_churchill
At the Black Hat Conference this week, smartphone hacker Charlie Miller showed how NFC (or Near Field Communication) can make phones vulnerable to all kinds of attacks. Basically, he designed a tag that can take over the daemon that controls NFC, allowing a hacker to make your phone do anything. All he has to do is get close enough to the device while it's turned on.
During the demonstration, Miller was able to make calls, send text messages, open Webpages, and upload and download files without permission from the phone's owner. Once NFC is engaged, it doesn't prompt the user before accepting requests and, as of right now, there's no way to change this. NFC can be disabled, but if it's turned on you can't choose what to accept or reject. That means that once someone has access to your phone, there's nothing they can't take.
Photo by Charlie Miller
Not all devices have NFC yet, but it's becoming more widespread and most Android and MeeGo devices have it. The Galaxy Nexus seems to be one of the most vulnerable phones to these kinds of attacks because it enables NFC by default. Older versions of Android also have a few memory corruption bugs that make them easy targets for NFC attacks.
Because of how close you have to be in order for this to work, it shouldn't be a huge concern, but as more devices start to include NFC capabilities and hackers come up with creative ways to exploit them, it could become a threat. Hopefully this will catch developers' attention and they'll give you the option to choose what files you accept, but until then, it's always good to be as cautious as possible.
It’s Black Friday week in the Null Byte shop! If you’ve been wanting to improve your skill set in hacker- and cybersecurity-geared topics such as Python, Raspberry Pi, and Linux, now’s the time. We’ve got huge sales on online courses, and we’ve outlined 13 favorites you won’t want to miss. Check them out!