FallenWriter · Sep 30, 2012 at 05:00 am

What Can We Learn from the Galaxy S III NFC Hack?

NFC technology is poised to become the core of the mobile payment world. Nearly every cutting-edge smartphone released in the next year will feature some form of NFC and mobile payments. Every major player, from Verizon to Google and from MasterCard to American Express, is in some way attempting to enter the market and gain a foothold in the thriving industry. Yet this is not without cost: Near-Field Communication technology is new and relatively untested. By linking it with our smartphones, devices we use for nearly every aspect of our lives, we’ve created the most potent bait an identity thief or malicious life hacker could desire.

Yet until recently, few cared to think about the malicious possibilities that NFC posed to the user. Just over a week ago at Mobile Pwn2Own, this changed when MWR Labs demonstrated that NFC users (and vendors) have a whole lot more to think about. While the exact details of the exploit are still withheld, a file was downloaded using the Samsung Galaxy S3’s NFC chip and automatically opened. Next, the file was able to elevate its privileges and thereby gain control over every aspect of the device. As explained on the team’s blog:

The first vulnerability was a memory corruption that allowed us to gain limited control over the phone. We triggered this vulnerability 185 times in our exploit code in order to overcome some of the limitations placed on us by the vulnerability.

We used the second vulnerability to escalate our privileges on the device and undermine the application sandbox model. We used this to install a customised version of Mercury, our Android assessment framework. We could then use Mercury’s capabilities to exfiltrate user data from the device to a remote listener, including dumping SMS and contact databases, or initiating a call to a premium rate number.

While this type of attack may seem complicated and far-fetched, the reality is that criminals will go to great lengths to formulate a method by which to steal your information and money. The more reliant on mobile technology we become, the more vigilant we must be in safeguarding our information. Having NFC enabled 24/7 is like having your credit card, phone number, address, name, and Social Security Number dangling from your belt loop. So while the exploit will undoubtedly be patched quickly, just remember: You never know who may be watching.



FallenWriter

FallenWriter is an editor on XDA-Developers, the largest community for Android users. I am the Fallen Writer of XDA. I was a News Writer who was cast into exile for my sins. Now I have returned to haunt the forums of XDA with my writings.