Mobile, Vulnerability

Researcher wows Black Hat with NFC-based smartphone hacking demo

Charlie Miller shows how it’s possible—though not easy—to trick Nokia N9 and Google/Samsung Nexus S smartphones

At the Black Hat Conference in Las Vegas Wednesday, Accuvant Labs researcher Charlie Miller showed how he figured out a way to break into both the Google/Samsung Nexus S and Nokia N9 by means of the Near Field Communication (NFC) capability in the smartphones.

NFC is still new, but it is starting to be adopted, particularly for smartphone-based purchasing. Miller's experimentation, which he demonstrated at the event, showed it’s possible to set up NFC-based radio communication to share content with the smartphones to play tricks, such as writing an exploit to crash phones and even, in certain circumstances, read files on the phone and more.

“I can read all the files,” said Miller about how he managed to break into the Nokia N9 when his home-made NFC-based device is in very close proximity to the targeted smartphone. “I can make phone calls, too.” Vulnerabilities he identified in the Android-powered Nexus S were located in the browser surface, he said. NFC works at near-contact range, and it could not be used to attack from any distance.

Miller said his efforts involved nine months of experimentation with NFC “fuzzing” techniques, and help from a cast of friends and fellow researchers. He said he plans to make his home-grown NFC fuzzing tool available to help with testing of NFC implementations “since there really aren’t any today.”
