[Owasp-natal] Android and Nokia smartphones hijacked via NFC

Noilson Caio caiogore em gmail.com
Quinta Julho 26 15:03:35 UTC 2012

At the Black Hat <http://www.blackhat.com/> information security conference
in Las Vegas, security specialist Charlie Miller has demonstrated the
potential risks of Near Field Communication (NFC), a standard that has
already been integrated into many smartphones: the researcher managed to
use NFC to infect smartphones from different manufacturers with malicious
code – without any need to interact with the smartphone owner.

During his nine months of research, Miller focused on the applications that
access the radio interface. The most well-known app is probably Google's
Beam, which has been factory installed on all Android devices since Android
4.0 (Ice Cream Sandwich). If a victim's smartphone is placed in the
vicinity of a tag that has been tampered with, the phone's browser will be
launched and will access a web site – in this case one that contains
malware exploits for Android.

For the demonstration, Georg Wicherski from Crowdstrike contributed a
vulnerability in the Webkit browser of older Android versions (up to
Gingerbread) that allowed Miller to take control of the device. The
researcher says that 90% of all Android devices still have an old, and
therefore vulnerable version of Android
The bug can, in principle, also be deployed via other channels, but the NFC
technology allows infections to be successful without any user interaction.

The Nokia N9, which uses Nokia's MeeGo operating system, was infected in a
different way: the device is factory set to accept arbitrary NFC
communication and will, for example, automatically display images or Office
files that are sent this way. Miller says that the file rendering
applications contain numerous bugs that can cause buffer overflows and
enable attackers to take control of a device.

An attacker can also activate the N9's Bluetooth interface via NFC and then
pair the device with a notebook. According to Miller, it is then possible
to send premium-rate SMS text messages or call premium numbers, export the
address book, and access the N9's filesystem.

As NFC only has a range of a few centimetres, attackers and their NFC tags
or NFC-enabled phones must get very close to their victims. Miller
therefore considers it more likely that malicious tags could, for instance,
be attached to advertising posters, or that NFC terminals could be
exchanged for modified ones.

(Uli Ries / djwm <djwm at h-online.com>)

Noilson Caio Teixeira de Araújo
Linux Professional Institute Certification  2 - LPI000182893
Novell Certified Linux Administrator (CLA) - 10111916
Novell Data Center Technical Specialist

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-natal/attachments/20120726/19f417e0/attachment.html>

More information about the Owasp-natal mailing list