Near-field communication helps you pay for things using your phone, quickly get through subway turnstiles and more. But NFC could give a hacker access to your phone just by standing next to you.
NFC interacts using small tags that can be as thin as stickers. These tags contain a small antenna that detects the incoming interaction. Realistically, you need to be very close to your target to successfully get the NFC interaction going. Charlie Miller, principal research consultant at Accuvant Labs, showed a video at the Black Hat security conference in Las Vegas of him following a friend, with his hand awkwardly close to his buddy’s back pocket. But you only need to consider how many pick-pockets exist in the world to realize how real this attack could be.
Miller admitted the attack is difficult to perform, and many of the bugs he found in NFC are not too extensive. Indeed, he blamed this on the fact that NFC chips are small and only have so much space to hold data.
But he was able to exploit a bug in Nokia’s N9 smartphone that really showed the power of an NFC hack. The N9 has a feature in it called “pairing,” which allows the phone to connect to other devices using Bluetooth and NFC. In the N9’s case, you can use pairing to transfer the song you’re listening to on your device to a dedicated speaker.
If a hacker creates a tag that can pair the phone, she can have access to the Bluetooth network and eventually make it into the rest of the phone. Miller demoed the hack and pulled all the data from the phone, including the photos and address book. He also showed that you can sen text messages to other phones using the hacked phone, as well as make calls.
His message to the mobile security community? Make phones prompt the user before accepting an NFC connection.
“NFC attacks are really hard to test,” said Miller at the Black Hat conference. “The biggest takeaway is, before you push a webpage to me or something, for God’s sake, give me the option to say no.”
Image via Meghan Kelly/VentureBeat
VB's research team is studying mobile user acquisition... Chime in here, and we’ll share the results.