Friday, July 27, 2012

NFC could be the next big security exploit



Everyone is looking for something to put fear into people and the latest is NFC. Security researcher Charlie Miller recently showed flaws in the way Android (and MeeGo) handles NFC. He designed an NFC tag that was able to execute malicious code on a device. Obviously this tag could be place anywhere like a point-of-sale terminal.
The issue is not NFC in general, but more of the software implementation. The Android Beam specification allows NFC to automatically launch the web browser which allows for a wide range of web-based exploits. A lot of the browser bugs that were in older versions of Android have been fixed, but early Ice Cream Sandwich builds still have a lot of security holes related to the WebKit-based stock browser. A simple fix to this would be a pop up notifying the user that NFC is trying to open the browser and to either give or deny permission.
Older Android phones are still an issue in that Miller was able to hijack the application daemon that controls NFC functions in Android 2.3, in a sense bypassing the browser. Thankfully there really isn’t too many devices on Android 2.3 that have NFC. Miller used a Nexus S to demonstrate.
So there you have it folks. Is this the next big scare? I would assume Google will make software fixes accordingly, but the bottomline is that for anyone to exploit your phone (or tablet) with this method, they have to be really close to you.

0 comments:

Acer (1) Amazon (4) Android (57) Android Accessories (8) Android Applications (32) Android Carriers (39) Android Customization (14) Android Development (17) Android Gaming (13) Android Guides (1) Android Hacks (8) Android Lawsuits (8) Android Leaks (18) Android Manufacturers (73) Android Manufactures (1) Android Manufatures (1) Android News (108) Android Phones (70) Android Retailers (7) Android ROMS (12) Android Rooting (15) Android Rumours (16) Android Rumours Android Manufacturers (3) Android SDK (1) Android Security (2) Android Software (28) Android Tablets (30) Android Tutorials (1) Android Updates (17) Apple (11) Asus (3) AT and T (1) Atrix HD (1) August (1) available (1) Banned (1) Brings (1) Buddy (1) ChatON (1) Coming (1) Contests (1) Devices (1) Facebook (1) Featured Play Store Newbies (1) features (1) Fire Fox (1) Free Amazon Apps (1) Galaxy (28) Galaxy Nexus (1) Galaxy Note (3) Galaxy S3 (1) Games (2) German (1) Glory (1) Google (17) Google News (25) Google Nexus (3) Google Play (8) Google TV News (1) Greatest (1) headed (1) Hefty (1) HTC (7) Huawei (1) includes (1) Infringes (1) InvisibleSHIELD (1) Invitations (1) iPad (1) Jelly (3) Kickstand (1) launch (1) Launches (1) Leads (1) LG (6) Lightray (1) likely (1) Market (1) Metal (1) MetroPCS (1) Micromax (1) Microsoft (2) Microsofts (1) Million (1) Motorola (11) Mozilla (1) Nexus (15) Nikon (1) Nokia (1) Officially (1) Olympic (1) OnLive (1) other (1) Pantech (1) patent (1) Play Store (2) Podcast (1) QuadCore (1) review (1) Rumours Android Manufacturers (1) Samsung (47) Samsung Tabs (1) Samsungs (1) SCHR940 (1) Seidio (1) Share (1) Shipments (1) Smart Phones (20) Smartphone (1) Smartphones (2) sony (2) Sony Ericsson (6) Start (1) SURFACE (1) Tablet (1) Tablets (3) TEC News (47) Tips and Tricks (1) Toshiba (1) Unique (2) Unpacked (1) unveiling (1) updated (1) Verizon (2) Windows (1) World (1) Xperia (8) YouTube (1)