At the past USecWest’s Mobile Pwn2Own competition a startling revelation was discovered about Near Field Communications (NFC). The technology can be used to install malicious software which can compromise all of the data on the infected device.
MWR Labs demonstrated the exploit on a Samsung Galaxy S3. Think of the attack in this scenario: “a pickpocket walking around with a phone loaded with an attack file bumps into you. The malicious phone comes in close proximity with your phone and easy as that, the criminal has full control over all the information stored on the device.”
Although, the exploit was due to a vulnerability discovered in the Android 4.0.4 Ice Cream Sandwich operating system. It could allow an attacker to send a malicious file to the receiving device. However, the exploit was said to be broken in the Jellybean operating system.
“Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation,” MWR Labs wrote on the company blog.
Essentially, NFC acted as a doorway. Perhaps this has been one reason NFC’s reception with carriers is stagnant. RIM has been a pioneer in utilizing NFC technology in their smartphones. Could NFC be an access point for hackers to gain access to BlackBerry devices by manipulating a pre-existing vulnerability in the BlackBerry operating system?
via PC Mag