SECURITY RESEARCHER Charlie Miller has revealed how near field communications (NFC), an increasingly popular technology in Android phones such as the Samsung Galaxy S3, makes it easy to hack the devices.
The Accuvant Labs research consultant showed attendees at the Black Hat conference a pair of demonstrations in which an attacking device could access a targeted handset and remotely execute files via NFC connections, such as those used by Samsung's S Beam.
In his demonstrations, Miller showed an Android handset being compromised by way of the Beam file-sharing feature.
By initiating a peer-to-peer NFC session, typically done by tapping two handsets together, Miller was able to access a targeted handset and run code that allows an attacker to load an attack page without any notification or permissions.
In the second demonstration, Miller was able to exploit connections between NFC devices and Bluetooth components on the Nokia N9 to activate a handset, then install and execute files, including a PowerPoint presentation.
The presentation was the result of several months of research in which Miller analysed the NFC format from its most basic radio communications system to the high-level components that link NFC hardware to third-party applications.
The report noted that in most cases the range was limited to close proximity, with the attacking device a few inches away from or touching the targeted device. Miller commented that attacks from long distances are highly unlikely.
Miller's conclusion was that in most cases, the weakest link in NFC is at the higher levels of the stack where more vulnerabilities can be exploited.
"The real attack surface is the browser, and that is pretty screwed up," Miller commented.
The presentation was also part of an effort by Miller to pique the interest of researchers and developers in NFC security. He noted that in the case of his demonstrations, possible attacks could be spotted simply by enabling NFC connection alerts and permissions by default on handsets.
Miller quipped, "Before you push a web page to me, for God's sake give me the option to say no."
Miller has a history of high-profile security presentations and discoveries. Between 2009 and 2011 he won a string of three consecutive Pwn2Own hacking contests, and in 2011 the discovery of flaws in iOS led to his banishment from Apple's developer programme. µ