Thursday, 26 July 2012 19:11

Charlie Miller Shows Off How Dangerous NFC Can Be At Black Hat

Written by
Rate this item
(0 votes)

Reading time is around minutes.

The Black Hat conference is happening right now in Sin City and already there is news coming out of the gather that should send chills down the spine of many smartphone owners. Apparently it is dead simple to exploit the NFC (Near Field Communications) found on Nokia and Samsung Products (this also extends to the NFC that will be in Apple’s devices when they are launched later this year). If you trot around with your NFC feature enabled someone can gain control of your phone by simply brushing a properly prepared tag against it.

The demonstration was from Mr. Charlie Miller, a former NSA analyst that used to love to hack away at Apple’s defenses until Apple terminated his developer account for showing them a bug in Mobile Safari. The details are pretty simple. Miller reported the bug, Apple ignored it, and Miller posted an app with the exploit inside to the App store. With the app (a stock ticker) he was able to take complete control over the iPhone he was testing with.

Now it seems that Miller has moved on from the indignation of the incident and is now looking into the security of other devices. This demo showed off how NFC can be exploited; fortunately for most people total control of your phone is not likely. In his demo he used an older version of Android and a Nokia N9 with MeeGo. Most people that have NFC will have more secure settings, but the potential for exploits or to use NFC as a vector for attack is pretty high. Most experts recommend turning Bluetooth, WiFi and NFC off when you are not using them. It can be a pain to turn them on and off all the time, but the alternative is to have someone take control of your phone or grab data including any credit cards that you might have assigned to your digital wallet. The demo touches on something else. If someone can grab data from your phone through NFC how secure are they for check-in at airports or keys for hotels?

Discuss this in our Forum

Read 3472 times Last modified on Thursday, 26 July 2012 19:21

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.