Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Android Security Cellphones Handhelds Wireless Networking IT

Android Hacked Via NFC On the Samsung Galaxy S 3 198

Posted by timothy
from the use-barrier-methods dept.
An anonymous reader writes with an item from The Next Web: "Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam [Wednesday] demonstrated how to hack Android through a Near Field Communication (NFC) vulnerability. The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to completely take over the device, and download all the data from it."
This discussion has been archived. No new comments can be posted.

Android Hacked Via NFC On the Samsung Galaxy S 3

Comments Filter:
  • by Anonymous Coward on Thursday September 20, 2012 @09:08AM (#41398719)

    This was hacked via NFC. But I live in Pittsburgh, and the Steelers are in the AFC.

    So I can assume I am safe?

  • And... iOS6 (Score:5, Informative)

    by jkflying (2190798) on Thursday September 20, 2012 @09:09AM (#41398729)

    At the same event, they also hacked iOS6. Just to give an unbiased view...

    • by Anonymous Coward on Thursday September 20, 2012 @09:10AM (#41398747)

      You must be new here.

    • by dimeglio (456244)

      But it's certainly not using passive NFC.

    • by TeRanEX (916440) on Thursday September 20, 2012 @09:29AM (#41399019) Homepage

      At the same event, they also hacked iOS6. Just to give an unbiased view...

      So apple can now sue Samsung because they copied the 'security issues'-feature from the iphone into the Galaxy?

    • Re:And... iOS6 (Score:5, Informative)

      by UnknowingFool (672806) on Thursday September 20, 2012 @10:16AM (#41399751)

      Also for unbiased view, Pwn2Own is turn based as far as I remember. So any gloating that X device was first to be pwned is meaningless. Teams register before the contest. Team order is chosen randomly (drawing straws, 12 sided dice, whatever). The first team decides which device to be hacked and is given a time period to do so. If they succeed, they get the device. If the first team fails, the second team gets their chance and choice of device. If the first team succeeds, the next team with an unhacked device goes. Some teams register for multiple devices to get a better chance to win something.

      So gloating that iOS or Androd was first to be pwned is useless. It doesn't tell anything about ease of hack or relative security of devices. What matters if they were pwned.

      • by mjwx (966435)

        So gloating that iOS or Androd was first to be pwned is useless. It doesn't tell anything about ease of hack or relative security of devices. What matters if they were pwned.

        What matters is how easily and how quickly (in terms of "go to pwned") they were pwned.

        A web browser vulnerability concerns me more than a NFC vulnerability where an attacker has to upload a malicious file. A web browser vulnerability can get you anywhere, you just have to navigate to a site with the malicious code. With an the NFC vulnerability, you have to have your phone centimetres from mine.

        From the article about the IOS vulnerability

        The security researchers used a malicious webpage to send the iPhone 4Sâ(TM) address book, browsing history, photos, and videos to a server of their choice. It was a drive-by download attack, meaning the user just has to go to the website,

        So if my favourite site, IOS.foo.com gets hacked and the malici

    • Yes, iOS6 was hacked. So if you were lured into visiting some bad web site site someone could potentially see your address book and photos - Oh no!

      Meanwhile everyone you bump with the S3 could be a carrier of a filthy, filthy disease that would render your entire system open to keyloggers or whatever.

      The iOS6 attack is read only, the NFC attack write...

    • At the same event, they also hacked iOS6. Just to give an unbiased view...

      Actually you seem a little misleading given that the iPhones don't have NFC. I think the true subject of the article is NFC not Android. The fact that iOS and Android can get hacked by a malicious webpage seems a bit off topic.

      Android and Samsung are mentioned prominently only to get people's attention.

    • iOS6 being hacked doesn't change that NFC is a busted technology.
    • At the same event, they also hacked iOS6. Just to give an unbiased view...

      ...and CNET has more details... http://m.cnet.com/news/iphone-4s-samsung-galaxy-s3-hacked-in-contest/57516966 [cnet.com]

  • Hopefully they actually patch something like this, but knowing Verizon, AT&T, etc it won't for at least 6 months

    • Whilst if Apple acknowledges the security issue, they will fix it pretty quick for ALL devices, OTA.
    • How are service providers involved in what updates you install on your OS, which is not developed or maintained by them?

      • by CoolVC (131998)

        Good question. That's part do the reason I have an iPhone. Less carrier involvement in everything.

  • by pablo_max (626328) on Thursday September 20, 2012 @09:11AM (#41398781)

    I am not totally sure why these handset hacks are always such big news. What are the chances that this can happen to a normal person? One, you would need to have NFC enabled, which people may do, but at least I never do by default. Two, you need physical access to the handset.
    Has it not been the case for a very long time that if you lose your handset that someone can use it, NFC or no NFC? Oh, and they need to trigger the exploit 185 times before it worked. I think we are still reasonably safe.

    • by CimmerianX (2478270) on Thursday September 20, 2012 @09:15AM (#41398835)

      The Hacks just prove that there is a rush to implement new technology without considering the security implications of the tech.

      This is just history repeating itself. Every company wants to be the first to announce this brand new, 'cool' feature, but none will wait for the 'geeks' to test it for security issues.

      • by fuzzyfuzzyfungus (1223518) on Thursday September 20, 2012 @09:28AM (#41398989) Journal

        The Hacks just prove that there is a rush to implement new technology without considering the security implications of the tech.

        This is just history repeating itself. Every company wants to be the first to announce this brand new, 'cool' feature, but none will wait for the 'geeks' to test it for security issues.

        The irksome thing is that, while NFC is mildly novel in terms of the RF tricks(supporting both active/passive RFID-type use cases and short-range active/active ones), and I could see there being some teething pains on that side, these attacks are on NFC as an external data bus that wasn't attended to properly... Some sort of 'specially crafted responses cause hard lockup on $FOOCORP NFIC123 chips with firmware 1.0A' attack would be bad; but more or less par for the course. A more generic 'Hi guys! We added another wireless interface to your phone that happily talks to anything nearby by default, and even automatically executes certain local commands based on what it hears, that's cool, right?" mistake is... unimpressive.

        NFC may be new; but the fact that an easily accessible external bus would be an attack vector, against which you should be on your guard, sure isn't. It's less clunky that having some 80's 25-pin RS-232 port on the back of your phone; but it's conceptually pretty similar.

    • by vawwyakr (1992390) on Thursday September 20, 2012 @09:32AM (#41399049)
      I think that is pretty key here, 185 times at the range of less than and inch or so is basically someone sitting there next to you pretty much touching you for 5 minutes. Obviously this is something that needs to be fixed but I'll hold off on my panic just yet. Even if it worked on the first try someone would have to first identify you as having a vulnerable phone, and where you have if (ie which pocket, etc) then get so close as to be practically touching you and then they have to hope that you have nfc enabled. This isn't some sort of thing you can do just casually walking down the street. It might be an issue for a particular person being targeted but not very likely for a random attack.
      • You've never met a woman have you? Sorry that was rhetorical - it is /. after all....

        "Miss stop touching me, stop holding yourself so close, stop letting your hands roam all over my body..."
    • One, you would need to have NFC enabled, which people may do, but at least I never do by default.

      What ARE the uses for NFC right now. I know google wallet works for the galaxy nexus and a few phones by sprint, and ISIS hasn't come out yet, but what are people actually doing with it besides hacking phones and thinking about how at some point in the future, they'll be able to buy coffee with their phone?

    • by kqs (1038910)

      I am not totally sure why these handset hacks are always such big news. What are the chances that this can happen to a normal person? One, you would need to have NFC enabled, which people may do, but at least I never do by default. Two, you need physical access to the handset.

      I'm guessing it's a bigger deal to those who RTFA and see that this flaw can also be exploited by web and email; they just used NFC because it was novel. But true, it's not a big deal to people who like to complain but hate to be informed.

      I'm saddened that so many of these people also choose to vote. Perhaps a little quiz at the polls: "Did Obama say that business owners didn't build their own businesses? Did Romney say that he wants to fire people? Did you ever, for more than 1.3 seconds, have a doubt

    • I am not totally sure why these handset hacks are always such big news. What are the chances that this can happen to a normal person? One, you would need to have NFC enabled, which people may do, but at least I never do by default. Two, you need physical access to the handset.
      Has it not been the case for a very long time that if you lose your handset that someone can use it, NFC or no NFC? Oh, and they need to trigger the exploit 185 times before it worked. I think we are still reasonably safe.

      The point is if you're actually using NFC the very device you're rubbing your phone against can run code on it, install software, whatever, without you actually noticing anything.

      Yes, if you're not using NFC you're safe.

      For establishing NFC this is very bad news. It's hardly used anywhere and can already take over your phone if you use it.

  • The article eludes to the fact that Jellybean may fix this. All the more reason for carriers and manufactures to expedite upgrades.
    • By 'upgrade', you mean the new handset that you get for 'free' when you sign my two-year service contract, right consumer?

    • The carrier has nothing to do with this, it's just the manufacturer's problem, or maybe Google's in the long run, but no-one else's.

  • by phantomcircuit (938963) on Thursday September 20, 2012 @09:14AM (#41398813) Homepage
    This was demonstrated at DEFCON 20. He live demo'd rooting an android device using NFC to open the browser and a brwoser exploit to gain root. https://www.defcon.org/html/defcon-20/dc-20-speakers.html#Miller [defcon.org]
  • by ThunderBird89 (1293256) <zalanmeggyesi@CO ... m minus caffeine> on Thursday September 20, 2012 @09:17AM (#41398863)

    Given the short range and low bandwidth (424 kilobits/s) of NFC technology, this is more of an esoteric attack than a practical one. I think I'd notice someone shadowing me with a hand at my pocket to connect to my Nexus S via its NFC chip and pull data from it...
    Still, it's a show of force (and vulnerabilities).

    • by jkflying (2190798) on Thursday September 20, 2012 @09:27AM (#41398977)

      They don't need to. Just upload a little executable that sends everything over wifi/3G to them, and listens to new commands over those interfaces as well.

    • by fuzzyfuzzyfungus (1223518) on Thursday September 20, 2012 @09:35AM (#41399087) Journal

      The more worrisome thing is probably that NFC is built in in the hope that swiping it all over the place against untrusted devices will become a normal behavior(sort of the way that attacks against the USB charge/data port are wildly impractical, until random charging kiosks start popping up in airports and all over the place, at which point behavioral protection goes out the window, and a bunch of systems intended only to connect to your home PC start getting shoved into god-knows-what...). Sure, as an attack to execute against the phone in your pocket, it is only marginally more practical than making a stab for the USB port; but if the happy-magic-future-of-even-more-middlemen-and-fees comes to pass, you'll see anywhere between several and dozens of readers a day getting a chance to try whatever they want when you shove your phone onto the pad(plus, if ATMs and mag stripe skimming are any indication, it will be about 20 minutes before somebody comes out with a nice little stick-on thin-circuit-in-rugged-sticker NFC 'skimmer' that can be planted on top of legitimate NFC pads and will do its best to MitM legitimate conversations or attack devices while they converse with the genuine NFC pad and log the results).

  • by BMOC (2478408) on Thursday September 20, 2012 @09:19AM (#41398887)

    against random hackers while having my cell phone in my pocket at the geek-overloaded dance clubs on a regular basis... I guess I'm safe for now.

    Key phrase from the report: by holding two Galaxy S 3s next to each other .

  • I posted this above but here's what I see (maybe I'm missing something so help me out). So that assumption of danger here is what? Someone walks down the street bumping into random strangers repeatedly hoping that:

    1) The bump into the side where the strangers phone was being held.
    2) The two phones are perfectly at the same height (presumably in a pocket).
    3) The strangers phone is vulnerable.
    4) They have NFC enabled.
    5) They could hold the phones in contact for the about of time necessary to transfer
    • I posted this above but here's what I see (maybe I'm missing something so help me out).

      So that assumption of danger here is what? Someone walks down the street bumping into random strangers repeatedly hoping that:

      1) The bump into the side where the strangers phone was being held.

      2) The two phones are perfectly at the same height (presumably in a pocket).

      3) The strangers phone is vulnerable.

      4) They have NFC enabled.

      5) They could hold the phones in contact for the about of time necessary to transfer both an overloaded filed (presumably exceeded a buffer limit) and THEN also transfer the app compromised app that allows the actual hack to work (over a connection with a maximum bandwidth of a few hundred kbits/s).

      6) Then after the hack succeeded they remained in contact long enough for the data from the strangers phone to be transferred back to the hackers phone.

      All with anyone noticing? That's all assuming they fix whatever issue was causing it to need to be run 185 times before it finally worked? Assuming those 185 times were the incremental transfers of all the data needed? Again I'm still not scared. And this is fixed in Jelly bean (which my S3 is running...doom on you close talking random guy on the street thinking you finally found someone with an S3 to stand uncomfortably close to!).

      All ya gotta do is knock the stranger out. This just helps hackers not physically steal phones. Because stealing phones is wrong. :>

  • Only on Slashdot (Score:5, Insightful)

    by EGSonikku (519478) <petersen@mobile.gmail@com> on Thursday September 20, 2012 @10:38AM (#41400109)

    Someone discusses an NFC hack to root and steal data off Android and half the posts are "Apple isn't secure either!"

    Focus people! Slashdot is supposed to be the home of Linux and Open Source and über hacks! Why isn't anyone deceminating how this hack works and posting some kind of work-around that isn't just "Don't use NFC" (a feature which Apple gets derided for not having)?

    Remember, a fix isn't "Don't use NFC and switch to another browser." Let's assume a user *likes* NFC, and *likes* his web browser as it is. Lets *fix* the problem here. Any thoughts or conjecture?

    • by vawwyakr (1992390)
      Well based on the article it sounds like its already fixed in the current version of Android. So not much to focus on I suppose?
      • by jo_ham (604554)

        Well based on the article it sounds like its already fixed in the current version of Android. So not much to focus on I suppose?

        The 2% of Android users that have the current version are safe then!

        • by vawwyakr (1992390)
          Well the 5% who have a phone with NFC and Android ICS are in trouble huh? I wasn't saying that the discussion isn't interesting I'm just saying that the OP's comment that we have to focus on finding a solution isn't really relevant since it's already fixed in the OS and NFC can be disabled if you haven't been updated.
          • by jo_ham (604554)

            I was just being facetious - I admit this issue isn't as big as the story is making out (although any 0 day exploit is serious). I was just bringing up a counter point to the claim that the issue didn't matter because Jelly Bean fixes it, when only a couple of weeks ago slashdot ran a story about how the bulk of Android users are at least one version behind, and in some cases stuck there for good (unless they root their phone).

  • All this cracking and still no way to root the AppleTV 3?

  • Samsung has incredible hardware. The Galaxy series of phones have all been quite remarkable. Their OLED technology puts out color gamut that makes Plasma TVs look like they were painted with pastel watercolors.

    Their software has always blown. Every tried to use GPS on a samsung phone? How about USB mass storage mode? How about SVoice? How about waiting 2 years for ICS to come out on a device? How about USB Host mode on CDMA models? List goes on... They cut so many corners on software to get it out the do
    • The problem is, the era of hardware differentiation is coming to a crashing close, its all software from here on out.
    • '

      Samsung has incredible hardware. The Galaxy series of phones have all been quite remarkable. Their OLED technology puts out color gamut that makes Plasma TVs look like they were painted with pastel watercolors.

      There have been reports about problems with the WiFi on the S3. Also the review for the hardware have been favorable except that several reviewers commented that the display on the S3 is noticeably dimmer than the S2 and competing phones (CNET has one such review).

      I'm thinking about getting an S3 bu

      • What I've never understood is the non-user replaceable battery with (now almost all) Apple products. Why create a disposable anything at that price? And if its not disposable, why do people sign up to be stuck taking the device (laptop/phone) to the Apple Store so they can overcharge labor and materials?

        Regardless of how great the phone may be (or laptop for that matter.) If I can't change the battery myself, I'm not buying it. That holds true for any device.... There's no need for that shit THIS far int
        • What I've never understood is the non-user replaceable battery with (now almost all) Apple products.

          To be fair. I'm using the same removable battery that came with my Android phone. My last Android phone that I upgraded from still has its original battery. I haven't purchased a replacement battery for either of my smartphones. I may have been lucky, but I have gone over 2 years of heavy use on my current phone (knock on wood).

          Why create a disposable anything at that price? And if its not disposable, why d

          • The battery is replaceable, so I think the disposable comment is hyperbole.

            I wasn't the one to coin that particular phrase, actually. I read it in an editorial from some tech website... it got me to thinking... soldered RAM, sealed cases, no (easily) removable battery.... it's becoming a commodity in the Appleverse. I believe the article made a valid point, and when you start considering the technical background of Apple's stereotypical customer, it doesn't seem so far-fetched. I don't think it'll come t

  • How is it possible at this age in computer development that we STILL design shit with giant holes in it? I honestly do not understand why it is so hard to make a robust and secure system. Is it because we demand so many features that they cant look at everything? How do you design a program that cannot be exploited? Why is it so very hard?
  • Cool. A security exploit was found and now it can be fixed. A rational person would go, I'll just disable NFC and be okay.

    This being slashdot, we'll have more than our fair share of people insisting that this proves that Android is somehow inferior than their favorite brand of OS. This will in turn lead to Android fans pointing out how the other OS was also hacked. The next thing you know, we have an all out fanboy war on the comments. It's as if Slashdot editors are planning on this.

    Isn't there any cool

  • The first time I saw NFC demonstrated, with phones receiving and acting on data without user consent, a LOL'd at what a security disaster it would surely be.

  • It has security holes and attracts malware. iOS only really has security holes.

A computer lets you make more mistakes faster than any other invention, with the possible exceptions of handguns and Tequilla. -- Mitch Ratcliffe

Working...