Hackers can exploit NFC, Chrome browser to take over your Android phone

July 28, 2012
21 69 10 5

    Despite Google’s valiant attempt to make Android a safer playground for its users by introducing the anti-malware Bouncer service last February, which helps scan apps on Google Play Store for malware and keep them out, experts are still finding security loopholes that can wreak havoc on your Android device.

    The first threat we’re going to talk about today comes from the Near Field Communication (NFC) feature on certain Android devices, which is becoming more ubiquitous these days. Though the technology was already used in older phones like the Google Nexus S, released back in 2010, newer devices like Samsung’s Galaxy S3 seem to be finding more uses for it, as NFC is being promoted beyond wireless payment – such as for transferring pictures and other files.

    Charlie Miller, a consultant from security firm Accuvant, has recently demonstrated how easy it is to push through malicious code to an Android device. He did it with the help of a device as small as a postage stamp, also known as an NFC tag, by placing it within close proximity to where people would be using their NFC-equipped device the most. This enables the code to be beamed over to the handset, thus allowing hackers to gain full control of the device.

    So what you can do to avoid the worst from happening? When it comes to NFC, enabling the feature in combination with Android Beam on your device does leave you with no choice but to accept any incoming transfer – malicious or not. There is currently no mechanism in place where you can select to approve or reject the transfer from other NFC devices. This is obviously something that Google and manufacturers need to address.

    The second threat is a security flaw that was found in Google’s Chrome browser for Android. Demonstrating it back in February, Miller, alongside Crowdstrike’s Georg Wicherski, used a piece of software to infect the device through the loophole. The flaw has since been fixed by Google, and those who have updated the browser to its latest version should be relatively safe from such attacks.

     

    Comments

    • http://tech-trip.com/ Tech-Trip

      I was almost sure of something like this happening due to NFC. Too many security holes for hackers to exploit…

    • Timothy Blanks

      Let’s put this in context. You would need to get your NFC chip within 3cm of the phone. The phone also needs to be unlocked as NFC does not work when the phone is locked. AND NFC needs to be enabled. To be honest it would be far easier just to steal their phone outright. Forgive me if I’m not concerned about this ‘hack’ I’m sure you will never need to fear this one in the wild.

      • derekross

        That’s how I feel. This is almost a non issue.

    • http://www.facebook.com/profile.php?id=1425381904 Damar Adi Sasongko

      i think the hacker must stole their phone first, before attempting to hack the phone. because NFC needs to be really close contact each other. or else it wont work. :D

    • Dale Carnegie

      Hackers do not wander the streets picking on individual devices at a time.

      This whole scenario is so stupid it belongs in a Hollywood B movie that has Mickie Rourke as the star.

      As others point out, you’re talking the need to be within 2-3cm AND have an unlocked screen (everyone’s Android screen locks up after what, 15-30 sec of non use?).

      Really, go off and write for the movies. This doesn’t happen in real life.

      Nice scare tactic though. Work for Apple much?

    Popular

    Latest