Samsung, Nokia Devices Hacked Through NFC Security Flaw

Just as Near-Field Communications (NFC) technology is finding its way into the spotlight, a demonstration at the BlackHat USA 2012 security conference threatens to render its celebrity short-lived.

Charlie Miller, a principal research consultant at security firm Accuvant, demonstrated to the BlackHat audience July 25 how its possible to use NFCa technology that allows two devices to communicate when touched or in close proximityto hack into a smartphone and access user information. Miller demonstrated possible attack scenarios using a Google Nexus S device running the Gingerbread version of Android, a Samsung Galaxy Nexus running Android Ice Cream Sandwich and a Nokia N9 running MeeGo 1.2.

It turns out that through NFC, using technology like Android Beam or NDEF [NFC Data Exchange Format] content sharing, one can make some phones parse images, videos, contacts, office documents, even open up Web pages in the browser, all without user interaction, says a description of Millers talk (cutely titled Dont Stand So Close to Me) on the BlackHat event site.

A number of mobile payment solutions, including Google Wallet, rely on NFC. While Wallet, for example, can be used at hundreds of thousands of merchants, through a partnership with MasterCards NFC-based PayPass, such solutions have been slow to find adoption, for a number of reasons, with security among them.

Research In Motion, HTC, LG, Huawei, Motorola and ZTE currently also offer NFC-enabled phones, and patents that Apple has filed with the U.S. Patent and Trademark Office suggest that its next iPhone may include the technology. Apple's backing could give a tremendous boost to NFC, which analysts have high hopes for. By 2017, Juniper Research expects one in four mobile phone users in the U.S. and Western Europe to use NFC-enabled phones to make in-store purchases, and for global NFC payments to exceed $180 billion that year.

Samsung, with its Galaxy S III, and Sony with the Xperia ion smartphone, have worked to extend the use of NFC beyond mobile payments. Each offers inexpensive packs of NFC tags that users can program using a free application. When the phones are tapped to a programmed tag, they can be made to do a variety of things, from lowering the ringer to sending a text message.

Miller demonstrated how a tag could send a phone to a malicious Web site that could tunnel into the device and grab user information.

If I walk up to your phone and touch it, or I just get near it, your Web browser, without you doing anything, will open up and go to a page that I tell it to, Miller told Ars Technica in an interview before the demonstration.

The AT report added that a concealed NFC tag attached to a payment terminal or other legitimate NFC-enabled device could be used to grab control of the phone. Though phones running MeeGo or Android Ice Cream Sandwich need to be unlocked to be attacked, in those scenarios they would be. An attacker who knows the person hes targeting could also send that person a text message or call them, ensuring the device is unlocked for the necessary few seconds.

While Millers findings certainly dont help the cause, not everyone is convinced the spell the end to the technology.

NFC is not doomed, Ezra Gottheil, a senior analyst with Technology Business Research, told eWEEK.

There seem to be two problems here, both fixable. There are bugs, which need simply to be fixed, and there is a new feature, Android Beam, that wasnt completely thought out. Its only software, Gottheil explained.

Android Beam arrived with Ice Cream Sandwich, and Google explained to developers that NFC is an easier way to send data than wireless technologies like Bluetooth, since with NFC, pairing or device discovery arent necessary, the connection is automatically started when two devices come within range.

The hackers tend to overdramatize the consequences of the flaws they discover. Thats just marketing, said Gottheil. They are aiming to show that companies like Google, Nokia, and Samsung (and Apple) should hire them so that these flaws are discovered and removed before the product is rolled out.

Cycles of hacking and repairing, Gottheil added, are the inevitable consequence of deploying new technology.

Nokia released a statement saying it is aware of Millers work and investigating the claims concerning the Nokia N9.

Although it is unlikely that such attacks would occur on a broad scale given the unique circumstances, the statement continued, Nokia is currently investigating the claims using our normal processes and comprehensive testing.

Follow Michelle Maisto on Twitter.