Android, MeeGo Smartphones Hacked, Show NFC Vulnerability
As mobile payment systems gain momentum, you may not want to stand too close to Charlie Miller or other hackers of his caliber. Just as NFC is emerging as the must-have technology for any major smartphone, a demonstration at the Black Hat USA 2012 security conference showed Samsung and Nokia smartphones being hacked through an NFC vulnerability.
Smartphone payment systems such as Google Wallet let Android users make payments with their credit cards through their phones, which is more comfortable and convenient. Near-Field Communication, or NFC for short, is a short-range wireless technology that will soon be available on all major smartphones. NFC is designed to let users beam content to nearby devices and use their smartphones as mobile wallets, but it could also be a very appealing target for hackers.
Charlie Miller, a principal research consultant at security company Accuvant, demonstrated on July 25 how NFC can be used to hack into a smartphone and access user information. Miller demonstrated possible hack scenarios using a Google Nexus S device running Android 2.3 Gingerbread, a Samsung Galaxy Nexus running Android 4.0 Ice Cream Sandwich and a Nokia N9 running MeeGo 1.2.
"It turns out that NFC, using technology like Android Beam or NDEF [NFC Data Exchange Format] content sharing, one can make some phones parse images, videos, contacts, office documents, even open up Web pages in the browser, all without user interaction," reads a description of Miller's talk, titled "Don't Stand So Close to Me," on the Black Hat event site.
Several of today's mobile payment solutions, including Google Wallet, rely on NFC technology. Google Wallet can be used at numerous merchants through a partnership with MasterCard's NFC-based PayPass service, but such solutions have not been widely adopted yet for a number of reasons. Security is one of them.
HTC, Research in Motion (RIM), LG, Motorola, Huawei, and ZTE currently offer NFC-enabled phones. Patents filed by Apple with the U.S. Patent and Trademark Office (USPTO) indicate that the next-generation iPhone may include the technology as well. NFC could gain a tremendous boost if Apple joins the party, and analysts already have great hopes for the technology. According to Juniper Research, by 2017, one in four mobile phone users in the U.S. and Western Europe will be using NFC-enabled phones to make in-store purchases, while global NFC payments are expected to exceed $180 billion that year.
Samsung and Sony have been working to extend the use of NFC beyond mobile payments with their Galaxy S3 and Xperia ion smartphones, respectively. Both companies offer inexpensive packs of NFC tags programmable with a free application. When users tap their phones to a programmed tag, they can make the phones do a number of things, including sending a text message. Miller, however, demonstrated how such a tag could send a phone to a malicious website that could hack into the device and grab user information.
"If I walk up to your phone and touch it, or I just get near it, your Web browser, without you doing anything, will open up and go to a page that I tell it to," Miller told Ars Technica before the demonstration.
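The behaviour described above comes down to a handset acting on an NDEF record the moment it is read. The following is an added example, not code from Android, MeeGo or Miller's talk: it parses an NDEF message (short and normal records, not chunked ones) and lets nothing leave the NFC handler without an explicit confirmation. The names parse_ndef, triage and user_confirms, the action labels and the sample bytes are assumptions made for illustration.

```python
# URI identifier codes (subset) from the NFC Forum URI record type definition.
URI_PREFIX = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
              0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}

def parse_ndef(data):
    """Split an NDEF message into (tnf, type, payload); ValueError if malformed."""
    records, pos = [], 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("record length runs past end of message")
        chunk = data[pos:pos + n]
        pos += n
        return chunk
    while pos < len(data):
        flags, type_len = take(2)
        if flags & 0x20:  # CF: chunked payloads are out of scope here
            raise ValueError("chunked record not supported")
        # SR flag selects a 1-byte payload length instead of 4 bytes big-endian
        payload_len = take(1)[0] if flags & 0x10 else int.from_bytes(take(4), "big")
        id_len = take(1)[0] if flags & 0x08 else 0  # IL flag: ID length present
        rtype = take(type_len)
        take(id_len)  # record ID is not needed for the decision
        records.append((flags & 0x07, rtype, take(payload_len)))
        if flags & 0x40:  # ME: last record of the message
            break
    return records

def triage(data, user_confirms):
    """Return (action, detail) pairs; only an explicit confirmation yields 'open'."""
    try:
        records = parse_ndef(data)
    except ValueError as exc:
        return [("reject", str(exc))]
    out = []
    for tnf, rtype, payload in records:
        if tnf == 0x01 and rtype == b"U" and payload:  # well-known URI record
            uri = URI_PREFIX.get(payload[0], "") + payload[1:].decode("utf-8", "replace")
            out.append(("open" if user_confirms(uri) else "blocked", uri))
        elif tnf == 0x01 and rtype == b"T" and payload:  # well-known text record
            enc = "utf-16" if payload[0] & 0x80 else "utf-8"
            text = payload[1 + (payload[0] & 0x3F):].decode(enc, "replace")
            out.append(("display", text))
        else:  # MIME, external, unknown: would reach another parser, so ask first
            label = rtype.decode("ascii", "replace")
            out.append(("hand_off" if user_confirms(label) else "blocked", label))
    return out

# Constructed sample: a text record ("hello") followed by a URI record.
_TEXT, _URI = b"\x02enhello", b"\x03example.com/"
SAMPLE = (bytes([0x91, 1, len(_TEXT)]) + b"T" + _TEXT +
          bytes([0x51, 1, len(_URI)]) + b"U" + _URI)
```
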
Phones running Android or MeeGo would have to be unlocked to be attacked, and in the scenarios Miller demonstrated they would be. The attack takes only a few seconds with the device unlocked, and an attacker who knows the "target" could easily send a text message or place a call to ensure the device is unlocked.
The Nokia N9 does not enable NFC by default, but according to Ars Technica, "the phone accepts file transfers initiated by other users without warning" when NFC is turned on, even if the technology is configured to notify the user before accepting an NFC request. Miller's demonstration cast a shadow on the promising NFC technology, but all is not lost yet.
Google introduced Android Beam along with Ice Cream Sandwich, explaining to developers that NFC is an easier way to send data because NFC does not require pairing or device discovery. "The connection is automatically started when two devices come within range," said the company. Now, however, this feature no longer seems like an asset but a vulnerability.
Following the Black Hat demonstration, Nokia issued a statement saying it is aware of Miller's work and is looking into the claims concerning the Nokia N9 security. "Although it is unlikely that such attacks would occur on a broad scale, given the unique circumstances, Nokia is currently investigating the claims using our normal processes and comprehensive testing."
"NFC is not doomed," senior analyst Ezra Gottheil told eWEEK. The problems are fixable, and users can now breathe easy because the bug can be resolved.