I cannot believe..........no wait....I cannot understand why these things aren't being made with security at the forefront. Surely anyone with half a brain realises that every point of communication with a phone is a potential point of exploitation. LOCK IT DOWN PEOPLE - FOR BLINKY'S SAKE, THIS HAS BEEN GOING ON TOO LONG.
For the nexus phone, the actual exploit was in the browser, NFC was just used to open the browser without the user being asked to do so. On the nokia, the actual exploit was in the bluethooth stack. This particular implementation allows bluetooth device pairing over NFC even if bluetooth is turned off on the phone, so now with NFC the exploit is reachable without the users knowledge. The exploit in the bluetooth stack allows for root access on the device. So the biggest problem with current NFC implementations is they don't ask the user anything, just act on what the other side is giving you. That is the real problem, because now one may change the payment terminal to hack your phone. If I hold my phone against a payment terminal and it asks me to pair a bluetooth device I'll just deny it, but with the current phones, I'm not asked anything.
Info from this site (dutch): http://tweakers.net/nieuws/83354/beveiligingsonderzoeker-waarschuwt-voor-misbruik-nfc.html
The first test doesn't seem too hard... I downloaded a few samples of the picture, applied a pixelize filter in The Gimp, and the borders of some of the subimages come out very clear. Since you only have to point to the center of a single subimage, a simple program could probably find a good point in no time!
Another flaw in the first test is that there are always subpictures in the corners touching 2 outer borders of the complete picture. This means you only have to detect 2 sides to determine the center of it.
Furthermore, some subimages have a significant different colorpattern than others in the background (ex: bright sky vs. plain black) and the program wich puts these images together doesnt really seem to keep track of this, wich makes the borders very simple to detect.
Leaves us with the second picture, but the first looks worthless already...
Yeah, and if you've done six impossible things this morning, why not round it off with breakfast at Milliways, the Restaurant at the End of the Universe?
Slashdot Mirror
I cannot believe..........no wait....I cannot understand why these things aren't being made with security at the forefront. Surely anyone with half a brain realises that every point of communication with a phone is a potential point of exploitation. LOCK IT DOWN PEOPLE - FOR BLINKY'S SAKE, THIS HAS BEEN GOING ON TOO LONG.
For the nexus phone, the actual exploit was in the browser, NFC was just used to open the browser without the user being asked to do so. On the nokia, the actual exploit was in the bluethooth stack. This particular implementation allows bluetooth device pairing over NFC even if bluetooth is turned off on the phone, so now with NFC the exploit is reachable without the users knowledge. The exploit in the bluetooth stack allows for root access on the device. So the biggest problem with current NFC implementations is they don't ask the user anything, just act on what the other side is giving you. That is the real problem, because now one may change the payment terminal to hack your phone. If I hold my phone against a payment terminal and it asks me to pair a bluetooth device I'll just deny it, but with the current phones, I'm not asked anything. Info from this site (dutch): http://tweakers.net/nieuws/83354/beveiligingsonderzoeker-waarschuwt-voor-misbruik-nfc.html
Like this dutch guy: http://tweakers.net/ext/f/S8yQU57CR777iio7mI1FrcZj/full.jpg
Or, to spin this thread the other way round (and being completely off-topic), the only thing left of the actual pigeon is the brain: http://dsc.discovery.com/news/briefs/20041018/brain.html
I would think they recieved one of these by now: http://www.engadget.com/2010/04/10/intels-48-core-processor-destined-for-science-ships-to-univers/
But maybe the profiling is easier in a simulated environment?
The first test doesn't seem too hard... I downloaded a few samples of the picture, applied a pixelize filter in The Gimp, and the borders of some of the subimages come out very clear. Since you only have to point to the center of a single subimage, a simple program could probably find a good point in no time!
Another flaw in the first test is that there are always subpictures in the corners touching 2 outer borders of the complete picture. This means you only have to detect 2 sides to determine the center of it.
Furthermore, some subimages have a significant different colorpattern than others in the background (ex: bright sky vs. plain black) and the program wich puts these images together doesnt really seem to keep track of this, wich makes the borders very simple to detect.
Leaves us with the second picture, but the first looks worthless already...
Yeah, and if you've done six impossible things this morning, why not round it off with breakfast at Milliways, the Restaurant at the End of the Universe?