By Jonathan Charles | Jul 28, 2012 12:21 PM EDT
A presentation from a research consultant has revealed the ability to hack into Android and MeeGo devices via NFC exists. The exploit allows information to be sent over short distances through the software, like the NFC-enabled Android Beam, and even the ability to control a device.
Charlie Miller, a research consultant at security firm Accuvant, presented the hack. The hack allows data to be stolen from three handsets. Included are the Samsung Nexus S, from Google; the company's Samsung Galaxy Nexus device; and the Nokia N9. The devices run the Android and MeeGo mobile operating systems.
In the presentation, Miller abused the Android Beam feature using NFC, allowing data to be sent over short distances, similar to Bump for iOS and Android. For those not in the know, Bump is an app that allows contact information to be sent by 'bumping' phones together.
Miller revealed that a default setting in the Beam software exists, which allows a link to be opened or a file to be sent to the device. In a seemingly simple exploit; therefore, Miller could redirect a device's browser to a website exploiting vulnerabilities in Android. It seems like an obvious way to send malicious software to devices. According to Miller, speaking to technology website Ars Technica, the user does not have to do anything to go to the site.
The Nokia N9 MeeGo device exploit sounded severe as NFC, again, allowed a device to be controlled. Text messages and phone calls could be made and sent through a radio tag.
Not all Android devices can be exploited. However, a particular version of the Android software - 2.3 Gingerbread, still taking a majority share of software running on Android devices - is exploitable. It's possible that the exploits may work in the Android 4.0 Ice Cream Sandwich and Android 4.1 Jelly Bean, even though exploits may have been patched up.
A report recently revealed that around 10 percent of devices run Ice Cream Sandwich, then the latest version of Android. Considering it's probably a patches issue for older versions, devices should be running the operating system or Jelly Bean.
Exploited devices were unlocked and had an active screen. Google didn't comment on the exploit; Nokia said it is "actively investigating" the issue.
The exploit is worrying for Android: the operating system, along with iOS, saw malicious apps entering its Google Play app store recently. It'll be interesting to see if NFC integration in iOS 6 brings similar loopholes.
© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.