Slashdot Mirror

← Back to Stories (view on slashdot.org)

Android Hacked Via NFC On the Samsung Galaxy S 3

Posted by timothy on from the use-barrier-methods dept.

An anonymous reader writes with an item from The Next Web: "Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam [Wednesday] demonstrated how to hack Android through a Near Field Communication (NFC) vulnerability. The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to completely take over the device, and download all the data from it."

9 of 198 comments (clear)

  1. And... iOS6 by jkflying · · Score: 5, Informative

    At the same event, they also hacked iOS6. Just to give an unbiased view...

    --
    Help I am stuck in a signature factory!
    1. Re:And... iOS6 by jkflying · · Score: 4, Informative

      Read the link:
      http://thenextweb.com/apple/2012/09/19/dutch-security-researchers-hack-apple-iphone-4s-exploiting-safari/

      They did it via a malicious webpage, which IMO is even worse than via NFC.

      --
      Help I am stuck in a signature factory!
    2. Re:And... iOS6 by UnknowingFool · · Score: 4, Informative

      Also for unbiased view, Pwn2Own is turn based as far as I remember. So any gloating that X device was first to be pwned is meaningless. Teams register before the contest. Team order is chosen randomly (drawing straws, 12 sided dice, whatever). The first team decides which device to be hacked and is given a time period to do so. If they succeed, they get the device. If the first team fails, the second team gets their chance and choice of device. If the first team succeeds, the next team with an unhacked device goes. Some teams register for multiple devices to get a better chance to win something.

      So gloating that iOS or Androd was first to be pwned is useless. It doesn't tell anything about ease of hack or relative security of devices. What matters if they were pwned.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  2. Is it really such a big deal? by pablo_max · · Score: 4, Informative

    I am not totally sure why these handset hacks are always such big news. What are the chances that this can happen to a normal person? One, you would need to have NFC enabled, which people may do, but at least I never do by default. Two, you need physical access to the handset.
    Has it not been the case for a very long time that if you lose your handset that someone can use it, NFC or no NFC? Oh, and they need to trigger the exploit 185 times before it worked. I think we are still reasonably safe.

    1. Re:Is it really such a big deal? by wile_e8 · · Score: 3, Informative
      Launching Tasks
      Sharing Wifi

      Just a couple I use off the top of my head

  3. Not exactly practical by ThunderBird89 · · Score: 3, Informative

    Given the short range and low bandwidth (424 kilobits/s) of NFC technology, this is more of an esoteric attack than a practical one. I think I'd notice someone shadowing me with a hand at my pocket to connect to my Nexus S via its NFC chip and pull data from it...
    Still, it's a show of force (and vulnerabilities).

    --
    Hyperbole: I use it liberally!
  4. It's a good thing I don't go bumping/grinding by BMOC · · Score: 3, Informative

    against random hackers while having my cell phone in my pocket at the geek-overloaded dance clubs on a regular basis... I guess I'm safe for now.

    Key phrase from the report: by holding two Galaxy S 3s next to each other .

    --
    I swear they give me mod points to shut me up.
  5. NFC Doesn't Work That Easily by Chibi+Merrow · · Score: 5, Informative

    With this Galaxy 3 NFC hack, a stranger could do it sitting next to you on the bus.

    No, they'd have to be sitting next to me on the bus AND physically touch my phone with another device long enough to trigger NFC AND I have to have NFC enabled AND keep the devices in physical contact long enough for the download to complete OR hope that I have an active data connection AND the right web browser set as my default so their specially crafted web page loads to root my device...
    Except that (since I have like six web browsers installed) it requires me to interact with the phone to pick the web browser to open the page... A lot more difficult to arrange than "sitting next to someone".

    Also, the ASLR implementation is known to be incomplete on ICS. It's apparently fully fixed on Jelly Bean, so this hack shouldn't be possible on the S3 in a couple months, when the update is rolled out. Likewise, all of the Nexus NFC devices have been updated to Jelly Bean, so they're secure.

    Yeah, it's sad that the hack was possible, but it was due to flaws in the OS, not due to problems with NFC, and only under a very contrived set of circumstances...

    --
    Maxim: People cannot follow directions.
    Increases in truth directly with the length of time spent explaining them
  6. Sure, exactly the same by SuperKendall · · Score: 2, Informative

    Yes, iOS6 was hacked. So if you were lured into visiting some bad web site site someone could potentially see your address book and photos - Oh no!

    Meanwhile everyone you bump with the S3 could be a carrier of a filthy, filthy disease that would render your entire system open to keyloggers or whatever.

    The iOS6 attack is read only, the NFC attack write...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley