Black Hat speaker shows how NFC can be used for malicious attacks

26 Jul 2012

Phones such as the Samsung Galaxy S III are NFC-enabled

In a talk entitled ‘Don’t Stand So Close to Me: An Analysis of the NFC Attack Surface’, security expert Charlie Miller has revealed the dangers of NFC technology in the wrong hands at Black Hat USA 2012, the computer security conference taking place in Las Vegas.

Miller, principal research consultant at Accuvant, noted how bugs in both Android and Nokia phones can be exploited via near-field communication (NFC) technology. This technology allows the transfer of data between an NFC tag, or sticker, and any NFC-enabled device that comes in close contact with it.

Miller demonstrated how attackers could use these tags to infiltrate users’ smartphones. For example, a tag could prompt a smartphone to visit a malicious website, or even download malware.

Attackers could then exploit a browser bug that would give them the ability to access a user’s cookies and monitor their web browsing, completely unbeknownst to them. This bug could also let an attacker take over a user’s phone, accessing the browser without any need for user interaction.

In particular, Miller found bugs in the way NFC parsing code was written on the Android Nexus S and Samsung Galaxy Nexus. However, at least one of these issues appears to have been fixed with Ice Cream Sandwich.

By default, NFC is always on with Android devices, and the Nokia N9 running the Linux-based MeeGo operating system accepts NFC requests without permission if NFC is enabled.

Using this technology, attackers could pair with the N9 via Bluetooth – even if Bluetooth is switched off – allowing them to make calls, send messages and download data on the user’s phone. Miller also spotted a bug in the way documents are viewed on this device and believes malicious Word documents could also be sent to exploit this.

NFC is only enabled when a device’s screen is on and unlocked. This, coupled with the proximity required for data transfer, means users are somewhat protected from sneak attacks. However, attackers might even replace NFC stickers where users are encouraged to use them, on a film poster or even at a payment terminal.

Miller suggests that actions triggered by NFC technology shouldn’t take place without the user being alerted and consenting to the action, and his research has been submitted to Google and Nokia.

Elaine Burke is the host of For Tech’s Sake, a co-production from Silicon Republic and The HeadStuff Podcast Network. She was previously the editor of Silicon Republic.