Slashdot Mirror
Android Hacked Via NFC On the Samsung Galaxy S 3
An anonymous reader writes with an item from The Next Web: "Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam [Wednesday] demonstrated how to hack Android through a Near Field Communication (NFC) vulnerability. The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to completely take over the device, and download all the data from it."
This was hacked via NFC. But I live in Pittsburgh, and the Steelers are in the AFC.
So I can assume I am safe?
At the same event, they also hacked iOS6. Just to give an unbiased view...
Help I am stuck in a signature factory!
I think that is pretty key here, 185 times at the range of less than and inch or so is basically someone sitting there next to you pretty much touching you for 5 minutes. Obviously this is something that needs to be fixed but I'll hold off on my panic just yet. Even if it worked on the first try someone would have to first identify you as having a vulnerable phone, and where you have if (ie which pocket, etc) then get so close as to be practically touching you and then they have to hope that you have nfc enabled. This isn't some sort of thing you can do just casually walking down the street. It might be an issue for a particular person being targeted but not very likely for a random attack.
The more worrisome thing is probably that NFC is built in in the hope that swiping it all over the place against untrusted devices will become a normal behavior(sort of the way that attacks against the USB charge/data port are wildly impractical, until random charging kiosks start popping up in airports and all over the place, at which point behavioral protection goes out the window, and a bunch of systems intended only to connect to your home PC start getting shoved into god-knows-what...). Sure, as an attack to execute against the phone in your pocket, it is only marginally more practical than making a stab for the USB port; but if the happy-magic-future-of-even-more-middlemen-and-fees comes to pass, you'll see anywhere between several and dozens of readers a day getting a chance to try whatever they want when you shove your phone onto the pad(plus, if ATMs and mag stripe skimming are any indication, it will be about 20 minutes before somebody comes out with a nice little stick-on thin-circuit-in-rugged-sticker NFC 'skimmer' that can be planted on top of legitimate NFC pads and will do its best to MitM legitimate conversations or attack devices while they converse with the genuine NFC pad and log the results).
No, they'd have to be sitting next to me on the bus AND physically touch my phone with another device long enough to trigger NFC AND I have to have NFC enabled AND keep the devices in physical contact long enough for the download to complete OR hope that I have an active data connection AND the right web browser set as my default so their specially crafted web page loads to root my device...
Except that (since I have like six web browsers installed) it requires me to interact with the phone to pick the web browser to open the page... A lot more difficult to arrange than "sitting next to someone".
Also, the ASLR implementation is known to be incomplete on ICS. It's apparently fully fixed on Jelly Bean, so this hack shouldn't be possible on the S3 in a couple months, when the update is rolled out. Likewise, all of the Nexus NFC devices have been updated to Jelly Bean, so they're secure.
Yeah, it's sad that the hack was possible, but it was due to flaws in the OS, not due to problems with NFC, and only under a very contrived set of circumstances...
Maxim: People cannot follow directions.
Increases in truth directly with the length of time spent explaining them
Someone discusses an NFC hack to root and steal data off Android and half the posts are "Apple isn't secure either!"
Focus people! Slashdot is supposed to be the home of Linux and Open Source and über hacks! Why isn't anyone deceminating how this hack works and posting some kind of work-around that isn't just "Don't use NFC" (a feature which Apple gets derided for not having)?
Remember, a fix isn't "Don't use NFC and switch to another browser." Let's assume a user *likes* NFC, and *likes* his web browser as it is. Lets *fix* the problem here. Any thoughts or conjecture?
- "Scientia non habet inimicum nisp ignorantem"