The near field communication (NFC) is a handy feature, but now researchers point out that it can be dangerous too. Security expert Charlie Miller has demonstrated the chinks in the technology at the ongoing Black Hat security conference at Las Vegas.
NFC readers that are embedded in smartphones can communicate with NFC tags which send data to them with the help of built-in antennas when they come in close proximity. According to Miller, the NFC readers are on by default and can accept data sent by the tags without notifying the user.
Miller demonstrated how he can use an NFC-enabled card to sneak into the phones in the vicinity. The card was capable of directing an Android smartphone to a malicious website through the Android beam function.
During the demonstration, he was able to download a malware to the phone using a bug in the browser which can monitor the browsing activities of the victim, eventually taking control of the phone. The most interesting thing is that all these happened without the notice and consent of the phone user.
During his talk named ’Don’t Stand Close to Me: An Analysis of the NFC Attack Surface’, he said that potential attackers can make use of this weakness of the NFC feature, if they want to.
For instance, an attacker can change the NFC tag on a movie poster or point-of-sale payment terminals to direct consumer phones which comes in the vicinity of the tag to malicious websites.
He found Android and Nokia phones sporting the NFC feature vulnerable. iPhones do not feature the ability now, he said.