Friday, July 27, 2012

From Black Hat: Hackers Demonstrate N.F.C. Dangers - NYTimes.com

Hackers can steal photos, text messages, surf the Web and even make phone calls from your smartphone simply with the wave of a hand, researchers at the annual Black Hat security conference in Las Vegas said Wednesday.

Charlie Miller, a security researcher at Accuvant and serial smartphone hacker, demonstrated how easy it is for hackers to exploit near-field communication technology to take control of devices remotely. In front of a packed audience, he successfully hacked three smartphones using N.F.C.: a Samsung Nexus S, a Galaxy Nexus and a Nokia N9. In each case, he was able to access photos, send texts, browse the Internet and even make phone calls from the phones, without laying a finger on them.

Near-field communication technology makes it possible for two devices to speak to each other when they are in proximity. It can be used to, say, swap business cards virtually, play music on wireless speakers or pay for coffee with a smartphone. The technology is widely available internationally and is slowly being adopted in the United States.

The mobile payments industry is banking on it. Google?s mobile payments app, Google Wallet, lets users pay for items and redeem offers by tapping their phones to an N.F.C.-enabled terminal. New York taxicabs were early adopters of the technology. So were Samsung and Nokia. Smartphones that run Google?s Android and Nokia?s MeeGo operating systems are now N.F.C.-enabled and rumor has it that Windows and Apple smartphones will be next. N.F.C. was the hot buzzword at the Mobile World Congress in Barcelona earlier this year and analysts predict that some 70 million smartphones sold this year will include the technology.

Near-field communications is supposed to make our lives easier. But security researchers warn it will make hackers? lives easier too.
Mr. Miller showed that by bringing an N.F.C. tag, equipped with a chip, in proximity with an Android Nexus S phone he could send the phone?s browser to a malicious Web site and, from there, access the phone?s entire file directory and even install monitoring software.

Google patched the bug Mr. Miller used in the 4.01 version of Android. But even with the fix, he showed how a relatively new Google feature, called Android Beam, in its Ice Cream Sandwich operating system allows for the same exploit. The feature, which lets users share contacts and directions by bringing two devices in proximity, also makes it possible for hackers to take control of their Web browser and download malicious software from there.

Hacking the Nokia N9 phone using near-field communication technology, Mr. Miller demonstrated, is a piece of cake. The Nokia N9?s N.F.C. feature is not enabled by default. But once a user enables it, the phone starts accepting all connection requests, including from hackers. In his demonstration, Mr. Miller showed how he could exploit that feature to make phone calls, read texts and access photos.

Source: http://bits.blogs.nytimes.com/2012/07/26/from-black-hat-hackers-demonstrate-nfc-dangers/

daniel tosh kate upton Jason Kidd All Star Game 2012 directv rashard lewis frank ocean

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.