With Near Field Communication (NFC) now being used for financial transactions a researcher has demonstrated how smartphones can be hacked by using this radio based technology. Research consultant Charlie Miller, from security firm Accuvant, demonstrated the hacking tools his company has created, at the recent Black Hat hacking conference in Las Vegas.
NFC is activated when devices are in close proximity and the tools demonstrated by Miller work by abusing a feature in Android phones known as ‘Android Beam’, which supports communications between devices over short distances.
An apparently severe weakness in the 'Android Beam' protocol means that Android phones are forced by default to open whatever file, or whatever web link, is sent to the phone.
Accuvant’s system contains a custom chip that allowed Miller to push commands through to Android phones that happen to be nearby, forcing them to visit websites already laden with software designed to compromise the phones. A Samsung Nexus S, a Google Galaxy Nexus and the Nokia N9 were all hacked to demonstrate how easily this could be done.
The BBC has more on this story here.
