New vulnerability Android – attack via NFC

Posted: October 10, 2012 in Vulnerability News
Tags: , ,

eScaneScan: discovered a new vulnerability Android – attack via NFC

Researchers at the company MWR Labs demonstrated at the conference EUSecWest, held September 19-20 in Amsterdam, a new exploit the mobile platform Android.

Hacker attack was made with the use of “near-field communication” (NFC).

Through NFC-connection specialists MWR Labs managed to pass between the two smartphone Samsung Galaxy S III malicious file, which is a zero-day exploit. Self-triggering the exploit allowed complete control of the receiver. Attacker could execute arbitrary code and gained access to the SMS-messages, pictures, contact lists and other information stored on your phone.

NFC – technology of contactless data exchange with a small (2-10 cm) radius of action – is becoming an increasingly popular method of payments, easily turning the phone into a credit card or electronic purse. To make a payment via NFC only need to bring the phone to the reader in the turnstile, or just stand in the poster on the wall.

Unfortunately, the rapid spread of NFC has meant that mobile phones have acquired a number of vulnerabilities inherent in the new technology.

“Developers NFC made some mistakes, which are now willing to use the attackers – comment eScan experts in Russia and the CIS. – For example, cybercriminals can create incorrect NFC-message reads disable their phone via NFC transmit malicious links and files, as well as substitute NFC-tags to false, which leads to illegal debited from the accounts of users. “

To prevent attacks similar to those demonstrated MWR Labs, it is necessary that the resulting file is transmitted via NFC applications on the phone only after additional Confirmation user. Perhaps in the future of mobile phones manufacturers implement the option of the acknowledgment and will include it in your phone’s settings by default. The same option is required the user to clearly see the link received via NFC, and confirms traversed. In addition, experts recommend that users eScan NFC-devices to make payments only through trusted labels.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s