New research by security specialists Accuvant has revealed at this year's Black Hat conference that the latest smartphones running Android, and equipped with Near Field Communications (NFC) capabilities, can be hijacked using malicious code loaded via the devices' web browser.
While the NFC protocol remains uncompromised and therefore as safe as ever, Charlie Miller, a principal researcher at the security firm noted that the way in which Android’s Beam software uses NFC is the real cause for concern, as it allows the handset's NFC chip to automatically access its web browser.
This opens the software to almost any kind of malicious browser-based attack via NFC. Criminals could create their own NFC stickers and place them on top of legitimate ones, which when swiped would send code to the NFC-enabled device and exploit the vulnerability using the web browser.
“What that means is with an NFC tag, if I walk up to your phone and touch it, or I just get near it, your Web browser, without you doing anything, will open up and go to a page that I tell it to,” said Miller. “So instead of the attack surface being the NFC stack, the attack surface really is the whole Web browser and everything a Web browser can do. I can reach that through NFC.”
The seriousness of the exploit is heightened by the fact NFC and Android Beam are usually enabled by default in handsets running Android ICS. Even more alarming is that Android Beam automatically downloads any file or web link sent through the service without giving its owner a way of selectively accepting or refusing transfers.
Miller's research also revealed that other NFC-equipped handsets running MeeGo, such as Nokia’s N9, also suffer with the same flaw. However, the larger concern is the number of Android handsets with NFC available, and that includes some of the most popular smartphones, such as Samsung’s Galaxy SIII, the Galaxy Nexus, Sony’s Xperia S and HTC’s One X, among others.
The HTC One X runs Android 4 OS with the new Sense 4 user interface and the phone's powerful NVIDIA Tegra 3 processor, which has 4 processing cores that can run at speeds of up to 1.5GHz. On the front face of the phone is the secondary 1.3 megapixel camera for video chatting, which supports the primary 8 megapixel camera, with LED flash. It measures 134.5mm x 70.8mm (5.3in x 2.8in) and weight only 134g (4.7oz).
The Galaxy S III is the third generation of the Samsung's S smartphones family. It features a 4.8-inch HD Super AMOLED display featuring 720p resolution and a 306ppi pixel density. Also you can find an 8 megapixel camera, LED flash, an user replaceable 2100mAh battery, micro-SIM slot, and microSD card slot for storage expansion.
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.