Forgot your password?
typodupeerror
Android Security Cellphones Handhelds Wireless Networking IT

Android Hacked Via NFC On the Samsung Galaxy S 3 198

Posted by timothy
from the use-barrier-methods dept.
An anonymous reader writes with an item from The Next Web: "Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam [Wednesday] demonstrated how to hack Android through a Near Field Communication (NFC) vulnerability. The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to completely take over the device, and download all the data from it."
This discussion has been archived. No new comments can be posted.

Android Hacked Via NFC On the Samsung Galaxy S 3

Comments Filter:
  • Re:And... iOS6 (Score:5, Insightful)

    by jkflying (2190798) on Thursday September 20, 2012 @10:15AM (#41398837)

    They did it via a malicious webpage. I said hack, not jailbreak.

  • to be fair (Score:4, Insightful)

    by batistuta (1794636) on Thursday September 20, 2012 @10:20AM (#41398903)

    you also need to have NFC enabled on your Galaxy for this to work. NFC is enabled by default, sure. But it can be disabled easily. I also find myself living happily without NFC, but not without tethering, which I use daily during my bus commute.

    So my point is that both vulnerabilities suck, and which one sucks the most depends solely on your use-case. There is no point in saying that one device is more secure than the other, both Apple and Google seem to suck big time here. You should not store any sensitive data on your phone.

  • by fuzzyfuzzyfungus (1223518) on Thursday September 20, 2012 @10:28AM (#41398989) Journal

    The Hacks just prove that there is a rush to implement new technology without considering the security implications of the tech.

    This is just history repeating itself. Every company wants to be the first to announce this brand new, 'cool' feature, but none will wait for the 'geeks' to test it for security issues.

    The irksome thing is that, while NFC is mildly novel in terms of the RF tricks(supporting both active/passive RFID-type use cases and short-range active/active ones), and I could see there being some teething pains on that side, these attacks are on NFC as an external data bus that wasn't attended to properly... Some sort of 'specially crafted responses cause hard lockup on $FOOCORP NFIC123 chips with firmware 1.0A' attack would be bad; but more or less par for the course. A more generic 'Hi guys! We added another wireless interface to your phone that happily talks to anything nearby by default, and even automatically executes certain local commands based on what it hears, that's cool, right?" mistake is... unimpressive.

    NFC may be new; but the fact that an easily accessible external bus would be an attack vector, against which you should be on your guard, sure isn't. It's less clunky that having some 80's 25-pin RS-232 port on the back of your phone; but it's conceptually pretty similar.

  • by vawwyakr (1992390) on Thursday September 20, 2012 @10:32AM (#41399049)
    I think that is pretty key here, 185 times at the range of less than and inch or so is basically someone sitting there next to you pretty much touching you for 5 minutes. Obviously this is something that needs to be fixed but I'll hold off on my panic just yet. Even if it worked on the first try someone would have to first identify you as having a vulnerable phone, and where you have if (ie which pocket, etc) then get so close as to be practically touching you and then they have to hope that you have nfc enabled. This isn't some sort of thing you can do just casually walking down the street. It might be an issue for a particular person being targeted but not very likely for a random attack.
  • by fuzzyfuzzyfungus (1223518) on Thursday September 20, 2012 @10:35AM (#41399087) Journal

    The more worrisome thing is probably that NFC is built in in the hope that swiping it all over the place against untrusted devices will become a normal behavior(sort of the way that attacks against the USB charge/data port are wildly impractical, until random charging kiosks start popping up in airports and all over the place, at which point behavioral protection goes out the window, and a bunch of systems intended only to connect to your home PC start getting shoved into god-knows-what...). Sure, as an attack to execute against the phone in your pocket, it is only marginally more practical than making a stab for the USB port; but if the happy-magic-future-of-even-more-middlemen-and-fees comes to pass, you'll see anywhere between several and dozens of readers a day getting a chance to try whatever they want when you shove your phone onto the pad(plus, if ATMs and mag stripe skimming are any indication, it will be about 20 minutes before somebody comes out with a nice little stick-on thin-circuit-in-rugged-sticker NFC 'skimmer' that can be planted on top of legitimate NFC pads and will do its best to MitM legitimate conversations or attack devices while they converse with the genuine NFC pad and log the results).

  • by vawwyakr (1992390) on Thursday September 20, 2012 @11:07AM (#41399605)
    So that assumption here is what? Someone walks down the street bumping into random strangers repeatedly hoping that:

    1) The bump into the side where the strangers phone was being held.
    2) The two phones are perfectly at the same height (presumably in a pocket).
    3) The strangers phone is vulnerable.
    4) They have NFC enabled.
    5) They could hold the phones in contact for the about of time necessary to transfer both an overloaded filed (presumably exceeded a buffer limit) and THEN also transfer the app compromised app that allows the actual hack to work (over a connection with a maximum bandwidth of a few hundred kbits/s).
    6) Then after the hack succeeded they remained in contact long enough for the data from the strangers phone to be transferred back to the hackers phone.

    All with anyone noticing? That's all assuming they fix whatever issue was causing it to need to be run 185 times before it finally worked? Assuming those 185 times were the incremental transfers of all the data needed? Again I'm still not scared. And this is fixed in Jelly bean (which my S3 is running...doom on you close talking random guy on the street thinking you finally found someone with an S3 to stand uncomfortably close to!).
  • Only on Slashdot (Score:5, Insightful)

    by EGSonikku (519478) <petersen.mobileNO@SPAMgmail.com> on Thursday September 20, 2012 @11:38AM (#41400109)

    Someone discusses an NFC hack to root and steal data off Android and half the posts are "Apple isn't secure either!"

    Focus people! Slashdot is supposed to be the home of Linux and Open Source and über hacks! Why isn't anyone deceminating how this hack works and posting some kind of work-around that isn't just "Don't use NFC" (a feature which Apple gets derided for not having)?

    Remember, a fix isn't "Don't use NFC and switch to another browser." Let's assume a user *likes* NFC, and *likes* his web browser as it is. Lets *fix* the problem here. Any thoughts or conjecture?

  • Re:And... iOS6 (Score:4, Insightful)

    by hobarrera (2008506) on Thursday September 20, 2012 @12:14PM (#41400689) Homepage

    Ever been on the subway or a bus? It's around 0cm in either of those during some hours of the day.

Philogyny recapitulates erogeny; erogeny recapitulates philogyny.

Working...