News: Have an NFC-Enable Phone? This Hack Could Hijack It

Have an NFC-Enable Phone? This Hack Could Hijack It

Have an NFC-Enable Phone? This Hack Could Hijack It

Some of us use our smartphones for almost everything. Manufacturers know this, so they try to make their devices as convenient as possible to use, but sometimes that convenience comes with a cost to security. The very same technology that allows you to easily share music with friends and make purchases can also put you at risk.

Image via staticflickr.com

Photo by sam_churchill

At the Black Hat Conference this week, smartphone hacker Charlie Miller showed how NFC (or Near Field Communication) can make phones vulnerable to all kinds of attacks. Basically, he designed a tag that can take over the daemon that controls NFC, allowing a hacker to make your phone do anything. All he has to do is get close enough to the device while it's turned on.

During the demonstration, Miller was able to make calls, send text messages, open Webpages, and upload and download files without permission from the phone's owner. Once NFC is engaged, it doesn't prompt the user before accepting requests and, as of right now, there's no way to change this. NFC can be disabled, but if it's turned on you can't choose what to accept or reject. That means that once someone has access to your phone, there's nothing they can't take.

Image via arstechnica.net

Photo by Charlie Miller

Not all devices have NFC yet, but it's becoming more widespread and most Android and MeeGo devices have it. The Galaxy Nexus seems to be one of the most vulnerable phones to these kinds of attacks because it enables NFC by default. Older versions of Android also have a few memory corruption bugs that make them easy targets for NFC attacks.

Because of how close you have to be in order for this to work, it shouldn't be a huge concern, but as more devices start to include NFC capabilities and hackers come up with creative ways to exploit them, it could become a threat. Hopefully this will catch developers' attention and they'll give you the option to choose what files you accept, but until then, it's always good to be as cautious as possible.

2 Comments

I dont have a computer /laptop nor tablet can't afford one at this time. I know I really hate this. Anyway how i communicate, and get online is through my Android mobile phone. My phone is not connected anylonger to a service. I was at one time using Metropcs. I was getting charged more and more every month. Anyway I have Wi-Fi so I'm using my phone for the internet. What im trying to ask is. Are there any way i can use this phone to text someone other than using facebook, yahoo messenger etc. Is there a way i can text someone phone from mine?

I use google voice myself when at home make calls and send text to u.s. free international you gotta pay

Share Your Thoughts

  • Hot
  • Latest