The Black Hat security conference kicked off yesterday in Las Vegas, and one researcher has demonstrated an NFC exploit that affects Android and certain Nokia phones. Charlie Miller showed that NFC is typically enabled by default on most Android phones, and that an attacker who gets close enough to a device can redirect it automatically to malicious websites. In addition, he was able to send the device malware that exploits the browser, allowing the attacker to read cookie data, view web history, and even hijack the phone.
All of that could be done with no user interaction, Miller said. Certain posters use NFC tags to direct users to websites, and Miller detailed how modifying the tag on such posters could redirect users to malware or an exploited website. The problem lies with the NFC system automatically redirecting users to websites. Instead, phones should be secured so that the user receives a prompt, telling them that they’re being directed to a specific address.
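The prompt-before-navigation behaviour described above can be sketched as follows. This is an added example, not code from Miller's talk or from any phone's NFC stack: it parses an NDEF message (NFC Forum record layout), bounds-checks every tag-supplied length, and returns a "prompt" decision carrying the full address instead of opening it. The names `parse_ndef`, `handle_tag` and `SAMPLE_TAG` are hypothetical, and prompting only for http/https URIs is an assumed policy.

```python
from urllib.parse import urlsplit

# Subset of the NFC Forum URI identifier codes (first payload byte of a "U" record).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}

def parse_ndef(data: bytes):
    """Yield (tnf, type, payload) per record; ValueError on malformed input."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if hdr & 0x20:  # CF flag: chunked payloads are rejected in this sketch
            raise ValueError("chunked record")
        short, has_id = bool(hdr & 0x10), (hdr >> 3) & 1  # SR and IL flags
        n = 1 if short else 4  # width of the payload-length field
        if pos + 1 + n + has_id > len(data):
            raise ValueError("truncated header")
        type_len = data[pos]
        payload_len = int.from_bytes(data[pos + 1:pos + 1 + n], "big")
        id_len = data[pos + 1 + n] if has_id else 0
        pos += 1 + n + has_id
        end = pos + type_len + id_len + payload_len
        if end > len(data):  # never trust tag-supplied lengths
            raise ValueError("length exceeds message")
        yield hdr & 0x07, data[pos:pos + type_len], data[pos + type_len + id_len:end]
        pos = end
        if hdr & 0x40:  # ME flag: last record of the message
            return

def handle_tag(data: bytes) -> dict:
    """Decide what the UI does with a scanned tag. Never navigates by itself."""
    try:
        for tnf, rtype, payload in parse_ndef(data):
            if tnf == 0x01 and rtype == b"U" and payload and payload[0] in URI_PREFIXES:
                uri = URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")
                host = urlsplit(uri).hostname
                if host:  # show the user the full address and host before opening
                    return {"action": "prompt", "uri": uri, "host": host}
    except ValueError as exc:  # also covers UnicodeDecodeError
        return {"action": "ignore", "reason": str(exc)}
    return {"action": "ignore", "reason": "no web URI record"}

# Constructed sample tag: one short well-known URI record.
_p = b"\x01example.com/promo"
SAMPLE_TAG = bytes([0xD1, 1, len(_p)]) + b"U" + _p
```

Malformed or truncated tags fall through to "ignore" rather than reaching the browser, which also keeps parsing errors away from the code that acts on the result.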
In addition, Miller detailed how the Nexus S and Galaxy Nexus had bugs in the NFC parsing code, although he didn’t focus his attention on exploiting those holes. Ice Cream Sandwich reportedly patched the holes, but phones running Gingerbread are still vulnerable. Miller also pointed out a similar NFC issue on the MeeGo-based Nokia N9. That phone allows devices to be paired via NFC even if Bluetooth is turned off, which could allow an attacker to send text messages or make phone calls.
Still, it’s not all bad news: NFC doesn’t function when the device is locked and the screen is turned off. Even when NFC is active, an attacker would need to get within a couple of centimeters of the device to trigger NFC connectivity. Having said that, passive attacks like the poster example above could be used to lure people into scanning malicious tags.