FallenWriter · Sep 30, 2012 at 05:00 am

What Can We Learn from the Galaxy S III NFC Hack?

NFC technology is poised to become the core of the mobile payment world. Nearly every cutting-edge smartphone released in the next year will feature some form of NFC and mobile payments. Every major player from Verizon to Google, from MasterCard to American Express is in some way attempting to enter the market and gain a foothold in the thriving industry. Yet this is not without cost: Near-Field Communication technology is new and relatively untested. By linking it with our smartphones, a device we use for nearly every aspect of our lives, we’ve created the most potent bait an identity thief or malicious life hacker could desire.

Yet until recently, few cared to think about the malicious possibilities that NFC posed to the user. Just over a week ago at Mobile Pwn2Own, this changed when MWR Labs demonstrated that NFC users (and vendors) have a whole lot more to think about. While the exact details of the exploit are still withheld, the attack used the Samsung Galaxy S3’s NFC chip to download a file, which was then opened automatically. Next, the file was able to elevate its privileges and thereby gain control over every aspect of the device. As explained on the team’s blog:

The first vulnerability was a memory corruption that allowed us to gain limited control over the phone. We triggered this vulnerability 185 times in our exploit code in order to overcome some of the limitations placed on us by the vulnerability.

We used the second vulnerability to escalate our privileges on the device and undermine the application sandbox model. We used this to install a customised version of Mercury, our Android assessment framework. We could then use Mercury’s capabilities to exfiltrate user data from the device to a remote listener, including dumping SMS and contact databases, or initiating a call to a premium rate number.

While this type of attack may seem complicated and far-fetched, the reality is that criminals will go to great lengths to formulate a method by which to steal your information and money. The more reliant on mobile technology we become, the more vigilant we must be in safeguarding our information. Having NFC enabled 24/7 is like having your credit card, phone number, address, name, and Social Security Number dangling from your belt loop. So while the exploit will undoubtedly be patched quickly, just remember: You never know who may be watching.

