The Inquirer-Home

NFC payments at the London Olympic Games are not safe, McAfee warns

Attackers at the Games could use stolen credentials to make purchases
Fri Jul 06 2012, 10:43
Google Wallet

SECURITY FIRM McAfee has warned of the dangers of paying for goods using near field communications (NFC) following the news that Samsung Galaxy S3 smartphones will be given out to every athlete at the London 2012 Olympics this Summer.

After Google fixed a vulnerability in its Wallet app recently that allowed an attacker to use a free prepaid card to crack PINs on the phone, McAfee said attackers can now "go after the hardware itself".

"One can get excellent results by targeting the OS and its NFC-handling libraries," McAfee mobile security researcher Jimmy Shah said in a blog post today. "Fuzzing the hardware, which involves feeding corrupt or damaged data to an app to discover vulnerabilities, is a good first step."

Shah pointed to research by security experts Charlie Miller and Collin Mulliner that looked at fuzzing NFC tags.

"Recently he updated his software to measure Android devices, allowing him to inject crafted NFC tags to a phone and then monitor the results," Shah explained. "He can programmatically feed crafted or damaged NFC tags to Android's library and then capture any crashes or code-execution opportunities."

Shah warned that an attacker wishing to target a device such as the Galaxy S3 can easily buy one and use Mulliner's research to help find vulnerabilities and eventually develop exploits to steal a victim's credit card.

"The large number of readers at the Olympics will provide places where a successful attacker can use stolen credentials to make purchases," he said.

"The Olympics will also provide a concentrated pool of targets (people and phones) to pilfer from - especially if everyone is busy watching who wins the medals and not worrying about where his or her phone is." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015