All the latest UK technology news, reviews and analysis

Black Hat: Hacking guru reveals NFC smartphone hacking tricks

26 Jul 2012
Samsung Galaxy S3 S Beam

LAS VEGAS: Infamous security researcher Charlie Miller has demonstrated how near-field communication (NFC) - an increasingly popular technology in handsets like Samsung's Galaxy S3 - leaves an open door for attackers.

The Accuvant Labs research consultant showed attendees at the Black Hat conference a pair of demonstrations in which an attacking device could access a targeted handset and remotely execute files via NFC connections, such as those used by Samsung's S Beam.

In his demonstrations, Miller showed an Android handset being compromised by way of the Beam filing-sharing feature.

By way of initiating a peer-to-peer NFC session, typically initiated by tapping two handsets together, Miller was able to access a targeted handset and run code which allows an attacker to load an attack page without any notification or permissions.

In the second demonstration, Miller was able to exploit connections between NFC devices and Bluetooth components on the Nokia N9 to activate a handset, install and then execute files including a Powerpoint presentation.

The presentation was the result of several months of research in which Miller analysed the NFC format from its most basic radio communications system to the high-level components which link NFC hardware to third-party applications.

The report noted that in most cases the range was limited to contact in which the attacking device was a few inches away or touching the targeted device. Miller commented that attacks from long distances were highly unlikely.

Miller's conclusion was that in most cases, the weakest link in NFC was at the higher levels of the stack where more vulnerabilities could be exploited.

"The real attack surface is the browser, and that is pretty screwed up," Miller commented.

The presentation was also part of an effort by Miller to pique the interest of researchers and developers in NFC security. He noted that in the case of his demonstrations, possible attacks could be spotted simply by enabling NFC connection alerts and permissions as default on handset.

"Before you push a web page to me," Miller quipped, "for God's sake give me the option to say no."

Miller has a history of high-profile security presentations and discoveries. Between 2009 and 2011 he won a string of three consecutive Pwn2Own hacking contests and in 2011 the discovery of flaws in iOS lead to ouster from Apple's developer programme.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols

Shaun Nichols is the US correspondent for He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus

Windows 7 end of mainstream support

What are your plans for when Microsoft ends mainstream support for Windows 7 in January 2015?

Popular Threads

Powered by Disqus
LG G3 in gold black and white

LG G3 vs Galaxy S5 video

We pit the two Korean firms' flagship smartphones against each other

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Senior ETL Developer

Our financial services client based in Glasgow is looking...

Customer-facing Junior Software Analyst - Nottingham - £20k

One of Nottingham's fastest-growing Software Houses have...



Control & Governance Manager - Financial Services

Control & Governance Manager - (Governance/Control...
To send to more than one email address, simply separate each address with a comma.