All right, we should qualify this right out of the box: this flaw
in NFC can allow pretty easy hacking of devices, but of course because
of the way NFC works, the hacker needs to be really really really close
to you in the first place, which does help to mitigate the security
threat a bit. Still, Charlie Miller showed off a pretty easy hack at the
Black Hat security conference using Samsung Android handsets and Nokia
MeeGo handsets.
The
exploit was shown on a Nexus S running Android 2.3 Gingerbread, and a
Galaxy Nexus running Android 4.0 Ice Cream Sandwich. It's unclear how
the new security features of Jelly Bean
factor into this. The exploit was also shown on the Nokia N9. The basic
problem is that once NFC interactions are enabled (default on with
Android, but default off in MeeGo), all files are automatically accepted
without any options by users to refuse files. Since files are
automatically accepted, it makes it much easier to load malicious code
on a target device, assuming you can get close enough to do so
Source: netasq-India
Of course,
as we said, the attacking device (either a standalone chip, or other
NFC-enabled device) has to be just a few centimeters from the target
device in order to use the NFC exploit. The hack works by beaming
malicious code wirelessly to the target device, and once deployed
the code will exploit a known vulnerability through files or webpages in
a document reader or browser, or even in the operating system itself. So,
essentially, the NFC exploit is really just an extremely easy delivery
system for malicious code rather than a direct exploit of the systems.
Source: netasq-India
No comments:
Post a Comment