Some of us use our smartphones for almost everything. Manufacturers know this, so they try to make their devices as convenient as possible to use, but sometimes that convenience comes with a cost to security. The very same technology that allows you to easily share music with friends and make purchases can also put you at risk.
At the Black Hat Conference this week, smartphone hacker Charlie Miller showed how NFC (or Near Field Communication) can make phones vulnerable to all kinds of attacks. Basically, he designed a tag that can take over the daemon that controls NFC, allowing a hacker to make your phone do anything. All he has to do is get close enough to the device while it's turned on.
During the demonstration, Miller was able to make calls, send text messages, open web pages, and upload and download files without permission from the phone's owner. Once NFC is engaged, it doesn't prompt the user before accepting requests and, as of right now, there's no way to change this. NFC can be disabled, but if it's turned on you can't choose what to accept or reject. That means that once someone has access to your phone, there's nothing they can't take.
Not all devices have NFC yet, but it's becoming more widespread and most Android and MeeGo devices have it. The Galaxy Nexus seems to be one of the phones most vulnerable to these kinds of attacks because it enables NFC by default. Older versions of Android also have a few memory corruption bugs that make them easy targets for NFC attacks.
Because of how close you have to be in order for this to work, it shouldn't be a huge concern, but as more devices start to include NFC capabilities and hackers come up with creative ways to exploit them, it could become a threat. Hopefully this will catch developers' attention and they'll give you the option to choose what files you accept, but until then, it's always good to be as cautious as possible.