Hasta La Gadget!

The Black Hat security conference kicked off yesterday in Las Vegas, and one researcher has demonstrated an NFC exploit that affects Android and certain Nokia phones. Charlie Miller showed how NFC is typically enabled by default on most Android phones, and by getting close enough to the device it could be redirected automatically to malicious websites. In addition, he was able to send malware over to the device that exploits the browser, allowing the attacker to read cookie data, view web history, and even hijack the phone.

All of that could be done with no user interaction, Miller said. Certain posters use NFC tags to direct users to websites, and Miller detailed how modifying the tag on such posters could redirect users to malware or an exploited website. The problem lies with the NFC system automatically redirecting users to websites. Instead, phones should be secured so that the user receives a prompt, telling them that they’re being directed to a specific address.

In addition, Miller detailed how the Nexus S and Galaxy Nexus had bugs in the NFC parsing code, although he didn’t focus his attention on exploiting those holes. Ice Cream Sandwich reportedly patched the holes, but phones running Gingerbread are still vulnerable. Miller also pointed out a similar NFC issue on the MeeGo-based Nokia N9. That phone allows devices to be paired via NFC even if Bluetooth is turned off, which could allow an attacker to send text messages or make phone calls.

Still, it’s not all bad news: NFC doesn’t function when the device is locked and the screen is turned off. Even then, an attacker would need to get within a couple of centimeters of the device to trigger NFC connectivity. Having said that, passive attacks like the above poster example could be used to lure people into scanning malicious tags.

[via CNET]

Android and Nokia NFC exploits detailed at Black Hat is written by Ben Kersey & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Thought NFC is a relatively unused feature in this side of the world, there is no reason for it to be left as it is. As proven by a smartphone hacker named Charlie Miller. The hacker recently found a way to take advantage of the NFC capabilities of the Samsung Galaxy Nexus and Nokia’s N9. By simply using an NFC tag, the hacker said he was capable of making your smartphone run its web browser and load a website (containing malicious code or commands) – all he had to do was place the chip in close proximity to the phone. Can you imagine the repercussions if these chips were widely available for people to get their hands on. Crowded places like restaurants, public transportation systems and shopping malls could all turn into hijacking grounds for smartphones.

The chip works by taking advantage of the fact that smartphones don’t require any authorizations or confirmations from the users when receiving commands over NFC. In fact, there is no way for users to selectively approve or reject a specific transfer initiated – which makes preventing this hack quite difficult. It’s up to Google to close these vulnerabilities in Android and as for the N9, I guess it’s in the hands of the developer community to fix MeeGo. Let’s hope these problems are fixed before NFC becomes more popular here.

[Image Credit]

By Ubergizmo. Related articles: Nokia N9 could receive Android 4.0 Ice Cream Sandwich port, Alibaba brings mobile wallet technology to China,

NFC Gumball Machine from Razorfish – Emerging Experiences on Vimeo.

Gumball machines typically dispense gumballs, which we guess is a given, but the folks at Razorfish have decided to come up with something a little different. Utilizing an old gumball machine, an NFC shield, a reed switch and 2 Arduino microcontrollers, they have rigged this gumball machine to dispense anything but gumballs. Instead the Gum Machine will dispense digital goodies in place of candy, such as apps, movies, songs, ebooks and other digital content that can be transferred to smartphones via NFC. How much does it cost, you ask? Well apparently all it would cost is $0.25 and you could be on the receiving end of any of the digital goodies. Of course this is completely random and you might end up with something you might not need, but hey it’s a pretty novel idea and that we can appreciate! If you’d like to see the Gum Machine in action, be sure to check it out in the video above or head on over to Razorfish’s website for the details!

By Ubergizmo. Related articles: NFC-enabled Android and Nokia phones vulnerable to hijacking, Google Wallet support arrives on Nexus ,

NFC technology is not new, but the adoption rate of this technology has been minimal at best. Even efforts to include NFC connectivity in devices such as tablets and smartphones have not really taken off in a huge way, and most smartphones users too have yet to make a wireless payment via NFC. Google Wallet, despite being around for quite some time already, has until now received limited support from carriers. Perhaps things might change with the introduction of the new Nexus 7 tablet, as Google has announced an update for the Nexus 7 tablet which will introduce Google Wallet support.

One might argue that this does not make much sense at all, considering how a 7″ tablet is not exactly the most convenient method to perform payments on-the-go, but since you are already toting the Nexus 7 in an extra large cargo pants pocket or toting it around in a bag, why not give it a go when the opportunity arises? Using your credit card might still be a time saver, but there are bargains to be had with Google Wallet. Hopefully!

By Ubergizmo. Related articles: Google Wallet the next big thing?, Google updates Nexus 7 shipping details via Google Play support page,

While it’s tested the idea several times in the past, London’s Tube system won’t be getting mobile-based payment technology any time soon. Customer Experience Director Shashi Verma told GigaOM that existing NFC technology wasn’t able to drop below the 500 millisecond barrier — something which Transport for London demands from its high-churn Oyster card-based turnstiles. Verma added, “The concerns are only around NFC technology and not EMV. We are keen to see any progress the industry can make in this area.” At least for the near-future, it looks like Brits will have to glue their NFC cards to their phones if they want that contactless payment look while journeying around London.

Filed under: Cellphones, Misc. Gadgets

London Underground: NFC mobile payment technology ‘too slow’ for the tube originally appeared on Engadget on Wed, 11 Jul 2012 07:43:00 EDT. Please see our terms for use of feeds.

Permalink   |  GigaOM  | Email this | Comments