V3.co.uk

Black Hat: Hacking guru reveals NFC smartphone hacking tricks

Researcher Charlie Miller outlines process for compromising handsets

Samsung Galaxy S3 S Beam
  • Shaun Nichols
  • @shaundnichols
  • 26 July 2012

LAS VEGAS: Infamous security researcher Charlie Miller has demonstrated how near-field communication (NFC) - an increasingly popular technology in handsets like Samsung's Galaxy S3 - leaves an open door for attackers.

The Accuvant Labs research consultant showed attendees at the Black Hat conference a pair of demonstrations in which an attacking device could access a targeted handset and remotely execute files via NFC connections, such as those used by Samsung's S Beam.

In his demonstrations, Miller showed an Android handset being compromised by way of the Beam file-sharing feature.

By initiating a peer-to-peer NFC session, typically done by tapping two handsets together, Miller was able to access a targeted handset and run code that allows an attacker to load an attack page without any notification or permissions.

In the second demonstration, Miller was able to exploit connections between NFC devices and Bluetooth components on the Nokia N9 to activate a handset, then install and execute files, including a PowerPoint presentation.

The presentation was the result of several months of research in which Miller analysed the NFC format from its most basic radio communications system to the high-level components which link NFC hardware to third-party applications.

The report noted that in most cases the range was limited to contact in which the attacking device was a few inches away or touching the targeted device. Miller commented that attacks from long distances were highly unlikely.

Miller's conclusion was that in most cases, the weakest link in NFC was at the higher levels of the stack where more vulnerabilities could be exploited.

"The real attack surface is the browser, and that is pretty screwed up," Miller commented.

The presentation was also part of an effort by Miller to pique the interest of researchers and developers in NFC security. He noted that in the case of his demonstrations, possible attacks could be spotted simply by enabling NFC connection alerts and permissions by default on handsets.

"Before you push a web page to me," Miller quipped, "for God's sake give me the option to say no."

Miller has a history of high-profile security presentations and discoveries. Between 2009 and 2011 he won a string of three consecutive Pwn2Own hacking contests, and in 2011 his discovery of flaws in iOS led to his ouster from Apple's developer programme.
