Android’s Near Field Con-munication problem

Well, how about that? Just last week I talked about a newuse for Near Field Communication on your Android smartphone…but now it’semerged that NFC is also a potential security problem. Go figure.

As I noted in the previous column, NFC is a short-rangetechnology that allows users to transfer data between devices – tap themtogether, and you can transfer information, or make a payment at a retailkiosk. While this technology opens up a world of possibility, it’s alsovulnerable to hackers according to Charlie Miller, who demonstrated somehacking scenarios at the Defcon Black Hat hacking conference late last week.

According the New York Time Bits blog, Miller (a securityresearcher at Accuvant) successfully hacked the Samsung Nexus S, the GalaxyNexus and a Nokia N9 live in front of an audience, and was able to take controlof the phones using the NFC exploit.

The implications are a bit troubling, especially for thosewho want to start using their phones to pay for things via Google Wallet. Rightnow there aren’t a lot of places in Canada that accept payment using NFC, butas more phones and tablets integrate the technology, you can expect it to bemore prevalent at retail. And as the technology grows in popularity, so doesthe incentive to find a way to exploit it.

For example, if you tapped your phone against a rogue NFCdevice, it could route your phone’s browser to a compromised site, andultimately send sensitive data on your phone to that site.

If you think it’s unlikely that someone would interact witha rogue payment terminal, just remember how often no-goodniks have been able toswap out debit terminals with hacked terminals. And then remember thephenomenon of USB “dead drops”, where people demonstrated their willingness toconnect their notebooks to random USB connectors left in public places – apretty solid way to spread malware if there ever was one.

It’s important to note that the patch Miller showed off atDefcon has since been patched by Google in the 4.0.1 update to Ice CreamSandwich, so it’s probably a good idea to update to that newer version of theOS if you’re able to. But since there’s still a danger that NFC can be used asan exploit vector using Google Beam – even after patching to 4.0.1 – it’sprobably still worth exercising at least a modicum of caution when whipping thephone out to use NFC.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Sean Carruthers
Sean Carruthershttp://www.globalhermit.com
Sean Carruthers is a freelance writer, video producer and host based in Toronto, Canada. Most recently, he was a Senior Producer at butterscotch.com, where he was responsible for the conception, writing, production and editing of a number of web video shows, including Lab Rats, How Do I?, Status Update, The Noob, and more.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight