Researcher bothers to attack a MeeGo handset via NFC

What you need is a fuzzing tool like Charlie Miller’s

Given that the vulnerability in a Google/Samsung Nexus S handset was exposed last week [July 25th 2012] by Charlie Miller, a researcher with the respected Accuvant Labs, most observers have overlooked the fact that the other handset involved was a Nokia N9 running the Linux-based MeeGo operating system. The really worrying thing is that the attack was made via NFC (Near Field Communication), which means that there are vulnerabilities in popular NFC stacks. What the demonstration at the Black Hat Conference in Las Vegas also revealed is that there are currently no real software tools out there for testing NFC implementations. That is very worrying, since so many mobile payment systems are now NFC-based. The attack was carried out via a technique known as ‘fuzzing’, which involves feeding corrupt or damaged data to an app to discover vulnerabilities.

We’ve mentioned fuzzing before in a Guest Post by Jimmy Shah here.

What did these ‘hacks’ allow Charlie Miller to do? “I can read all the files,” Miller claimed in a Computer World Australia report here.
Miller added, “I can make phone calls, too”.

The demo showed it is possible to set up NFC-based radio communication to share content with the smartphones in order to perform exploits, such as crashing the phones and even, in certain circumstances, reading files on the phone.

The vulnerabilities Miller identified in the Android-powered Nexus S are located in the browser surface. To carry out the attacks, Miller used a home-grown NFC fuzzing tool.

The only bit of good news is that, given that this is NFC, it would only work if you could get in close proximity to the handset you want to attack. That is unlike Bluetooth, for example, where you could carry out an attack on a crowded train.

What puzzles us is why Miller bothered to attack a MeeGo handset in the first place given that Nokia has virtually abandoned the N9 handset. Perhaps he believes that Jolla Mobile will be successful in resurrecting MeeGo as a mobile OS?

About Tony Dennis

Tony is currently Editor of GoMobile News. He's a veteran telecoms journalist who has previously worked for major printed and online titles. Follow him on Twitter @GoMoTweet.

3 Responses to Researcher bothers to attack a MeeGo handset via NFC

  1. Eerde says:

    Uhhh, everyone seems to assume that NFC is “always-on”…
    If I want to share content on my N9 with others, I turn on NFC, share and turn it off again.

  2. admin says:

    How many times have you ‘accidentally’ left Bluetooth on – despite all the controls there are to prevent hacking via Bluetooth? We think the proximity parameter is more telling than whether or not NFC has been left switched on.

  3. Eerde says:

    @admin
    OK, how many people can get that close? Touching…
    Also NFC apps can be made so that they turn off after x secs.
