Android phones with NFC can be hijacked via their own browser

On July 27, 2012, 1:11 PM

New research presented by security firm Accuvant at this year's Black Hat conference shows that the latest smartphones running Android and equipped with Near Field Communication (NFC) capabilities can be hijacked using malicious code loaded via the device's web browser.

While the NFC protocol remains uncompromised and therefore as safe as ever, Charlie Miller, a principal researcher at the security firm, noted that the way in which Android's Beam software uses NFC is the real cause for concern, as it allows the handset's NFC chip to automatically access its web browser.

This opens the software to almost any kind of malicious browser-based attack via NFC. Criminals could create their own NFC stickers and place them on top of legitimate ones; when swiped, these would send code to the NFC-enabled device and exploit the vulnerability using the web browser.

“What that means is with an NFC tag, if I walk up to your phone and touch it, or I just get near it, your Web browser, without you doing anything, will open up and go to a page that I tell it to,” said Miller. “So instead of the attack surface being the NFC stack, the attack surface really is the whole Web browser and everything a Web browser can do. I can reach that through NFC.”

The seriousness of the exploit is heightened by the fact that NFC and Android Beam are usually enabled by default in handsets running Android ICS. Even more alarming is that Android Beam automatically downloads any file or web link sent through the service without giving the owner a way of selectively accepting or refusing transfers.

Miller's research also revealed that other NFC-equipped handsets running MeeGo, such as Nokia's N9, suffer from the same flaw. However, the larger concern is the number of Android handsets with NFC available, and that includes some of the most popular smartphones, such as Samsung's Galaxy S III, the Galaxy Nexus, Sony's Xperia S and HTC's One X, among others.
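
The behaviour Miller describes, a tag's web link going straight to the browser, can be contrasted with a dispatcher that asks first. The Python below is an added example, not code from Accuvant, Google or the original article; it parses a constructed NFC Forum NDEF URI record and applies a hypothetical policy (`dispatch_decision`, a name invented here) that never opens a link without showing the user its host.

```python
from urllib.parse import urlsplit

# NFC Forum URI record abbreviation codes (only the web-related ones are listed).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}

def parse_ndef_uri(record: bytes):
    """Return the URI in one short NDEF record, or None if it is not a URI record."""
    if len(record) < 3:
        raise ValueError("record too short")
    header, type_len, payload_len = record[0], record[1], record[2]
    if not (header & 0x10):                    # SR flag: 1-byte payload length
        raise ValueError("only short records are handled here")
    pos, id_len = 3, 0
    if header & 0x08:                          # IL flag: an ID length byte follows
        if len(record) < 4:
            raise ValueError("record too short")
        id_len, pos = record[3], 4
    rtype = record[pos:pos + type_len]
    pos += type_len + id_len
    payload = record[pos:pos + payload_len]
    if len(rtype) != type_len or len(payload) != payload_len:
        raise ValueError("truncated record")
    if (header & 0x07) != 0x01 or rtype != b"U" or not payload:
        return None                            # not a well-known URI record
    if payload[0] not in URI_PREFIXES:
        raise ValueError("abbreviation code not in this table")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")

def dispatch_decision(record: bytes):
    """Hypothetical policy: a tag never opens the browser on its own."""
    try:
        uri = parse_ndef_uri(record)
        parts = urlsplit(uri) if uri is not None else None
    except ValueError:                         # malformed tag data is dropped
        return ("block", None)
    if parts is None:
        return ("ignore", None)
    if parts.scheme in ("http", "https") and parts.hostname:
        return ("confirm", parts.hostname)     # show the host, wait for a tap
    return ("block", None)

# Constructed sample: header 0xD1 = MB|ME|SR with TNF 1, type "U", prefix 0x03.
_payload = b"\x03example.test/landing"
SAMPLE_TAG = b"\xD1\x01" + bytes([len(_payload)]) + b"U" + _payload

if __name__ == "__main__":
    print(dispatch_decision(SAMPLE_TAG))
```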

User Comments: 2

  1. It's a given that these kinds of exploits are unavoidable since the implication of NFC-tech on a smartphone is still in its early stages. I wonder how Google will tackle this. I really love the Android platform, but Google being all "introduce new tech in every major update" won't really polish the operating system.

  2. @Guest makes a good point. A case of staying too long at the bleeding edge. I hope there's some way to patch this problem automatically - it's a safe bet there are Android coders working late hours on a fix.
