Near-field mobiles are a hacker's joy

Stefan Mileschin · 30th July 2012, 07:33

While the rest of the world is touting "near field communications" as a way of ending the need for a wallet, it appears that hackers might be rubbing their hands with joy.

At the Black Hat security conference, Apple and Android hacker Charlie Miller showed a method that a virtual pickpocket might nick cash or any data they like from your phone using the near-field communications function.

According to the New York Times, Miller said that all you need to take complete control of Android and Nokia phones is simply by bringing another device or just a chip within a few inches of the target gadget.

Miller works for security firm Accuvant and gets funds from the Pentagon's research arm, the Defense Advanced Research Projects Agency (DARPA_.

He has worked out that all you need to do is flash an (NFC) tag containing a chip next to an Android Nexus S phone and you can load a malicious url in the phone's browser through a feature that Google calls Android Beam.

From there you can hit another vulnerability in the phone's browser to take complete control of the device through the rigged website.

Then it is a simple matter to nick any information stored on the phones SD card. If you like you could install software to monitor its communications or movements.

It is just a matter of brushing up against someone in a crowded room.

Miller said that Android Beam was designed so that you can share a game you're playing or a web page or something on Maps. But it is a huge security hole.

The browser vulnerability that Miller used has been fixed in Android's version 4.01 but many people have not updated. Indeed, 90 percent of Android users have not even upgraded to the latest version of the operating system.

Miller was rather busy. He also used the Nokia N9′s NFC content sharing feature to send it a maliciously-crafted Word document that takes advantage of vulnerabilities in the phone's word processor to take control of the device.

All up, not a good day to put your trust in mobile devices.

http://news.techeye.net/security/nea...-a-hackers-joy

30th July 2012, 07:33	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,500	Near-field mobiles are a hacker's joy While the rest of the world is touting "near field communications" as a way of ending the need for a wallet, it appears that hackers might be rubbing their hands with joy. At the Black Hat security conference, Apple and Android hacker Charlie Miller showed a method that a virtual pickpocket might nick cash or any data they like from your phone using the near-field communications function. According to the New York Times, Miller said that all you need to take complete control of Android and Nokia phones is simply by bringing another device or just a chip within a few inches of the target gadget. Miller works for security firm Accuvant and gets funds from the Pentagon's research arm, the Defense Advanced Research Projects Agency (DARPA_. He has worked out that all you need to do is flash an (NFC) tag containing a chip next to an Android Nexus S phone and you can load a malicious url in the phone's browser through a feature that Google calls Android Beam. From there you can hit another vulnerability in the phone's browser to take complete control of the device through the rigged website. Then it is a simple matter to nick any information stored on the phones SD card. If you like you could install software to monitor its communications or movements. It is just a matter of brushing up against someone in a crowded room. Miller said that Android Beam was designed so that you can share a game you're playing or a web page or something on Maps. But it is a huge security hole. The browser vulnerability that Miller used has been fixed in Android's version 4.01 but many people have not updated. Indeed, 90 percent of Android users have not even upgraded to the latest version of the operating system. Miller was rather busy. He also used the Nokia N9′s NFC content sharing feature to send it a maliciously-crafted Word document that takes advantage of vulnerabilities in the phone's word processor to take control of the device. All up, not a good day to put your trust in mobile devices. http://news.techeye.net/security/nea...-a-hackers-joy

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Intel plans cheap and cheerful mobiles	Stefan Mileschin	WebNews	0	17th February 2012 07:25
Ars takes a field trip: the Creation Museum	jmke	WebNews	1	8th June 2007 11:37
ATI SB460 preps the field for SB600	jmke	WebNews	0	28th February 2006 12:53
IBM Reveals New Low-Power Chip. IBM’s PowerPC 970FX for Mobiles Releases	jmke	WebNews	0	11th July 2005 18:14
Mobiles in hospitals now safe: official	jmke	WebNews	0	29th July 2004 13:21