A presentation from a research consultant has revealed that it is possible to hack into Android and MeeGo devices via NFC. The exploit abuses software that sends information over short distances, such as the NFC-enabled Android Beam, and can even allow a device to be controlled.
Charlie Miller, a research consultant at security firm Accuvant, presented the hack. It allows data to be stolen from three handsets: the Samsung Nexus S, from Google; the company's Samsung Galaxy Nexus device; and the Nokia N9. The devices run the Android and MeeGo mobile operating systems.
In the presentation, Miller abused Android Beam, a feature that uses NFC to send data over short distances, similar to Bump for iOS and Android. For those not in the know, Bump is an app that allows contact information to be sent by 'bumping' phones together.
Miller revealed that a default setting in the Beam software allows a link to be opened or a file to be sent to the device. In a seemingly simple exploit, Miller could therefore redirect a device's browser to a website that exploits vulnerabilities in Android. It seems like an obvious way to send malicious software to devices. According to Miller, speaking to technology website Ars Technica, the user does not have to do anything to go to the site.
The exploit for the Nokia N9 MeeGo device sounded severe, as NFC again allowed a device to be controlled. Text messages could be sent and phone calls made through a radio tag.
Not all Android devices can be exploited. However, a particular version of the Android software, 2.3 Gingerbread, which still holds a majority share of the software running on Android devices, is exploitable. It's possible that the exploits also work in Android 4.0 Ice Cream Sandwich and Android 4.1 Jelly Bean, even though the flaws may have been patched.
A report recently revealed that around 10 percent of devices run Ice Cream Sandwich, then the latest version of Android. Considering this is probably a matter of missing patches in older versions, devices should be running that version of the operating system or Jelly Bean.
Exploited devices were unlocked and had an active screen. Google didn't comment on the exploit; Nokia said it is "actively investigating" the issue.
The exploit is worrying for Android: the operating system, like iOS, recently saw malicious apps enter its app store, Google Play. It'll be interesting to see if NFC integration in iOS 6 brings similar loopholes.