Android Hacked Via NFC On the Samsung Galaxy S 3

timothy posted about a year and a half ago | from the use-barrier-methods dept.

Android 198

An anonymous reader writes with an item from The Next Web: "Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam [Wednesday] demonstrated how to hack Android through a Near Field Communication (NFC) vulnerability. The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to completely take over the device, and download all the data from it."

198 comments

So am I safe? (5, Funny)

Anonymous Coward | about a year and a half ago | (#41398719)

This was hacked via NFC. But I live in Pittsburgh, and the Steelers are in the AFC.

So I can assume I am safe?

Re:So am I safe? (0)

Anonymous Coward | about a year and a half ago | (#41399597)

I'm guessing this is a result of the shitty replacement refs..so until the real refs are back no one is safe!

And... iOS6 (5, Informative)

jkflying (2190798) | about a year and a half ago | (#41398729)

At the same event, they also hacked iOS6. Just to give an unbiased view...

Re:And... iOS6 (5, Funny)

Anonymous Coward | about a year and a half ago | (#41398747)

You must be new here.

Re:And... iOS6 (-1)

Anonymous Coward | about a year and a half ago | (#41399061)

oh god, mod him funny +infinite.

Re:And... iOS6 (-1, Redundant)

halfEvilTech (1171369) | about a year and a half ago | (#41398761)

iOS 6 has also been jailbroken for several days now so hacking that really isn't "news"

Re:And... iOS6 (4, Insightful)

jkflying (2190798) | about a year and a half ago | (#41398837)

They did it via a malicious webpage. I said hack, not jailbreak.

Re:And... iOS6 (2)

LordLimecat (1103839) | about a year and a half ago | (#41399481)

To give the unbiased view, a hack via website is bad, but one via NFC seems a lot worse (although one hopes you would be suspicious when a stranger starts holding your android up to his; it's not exactly "stealthy").

Re:And... iOS6 (2, Interesting)

Anonymous Coward | about a year and a half ago | (#41399873)

Worse? People visit a dozen websites every day, but how often do they bump phones with somebody else?

More than that, to prevent NFC hack you just have to flip it off, but to prevent hack via rogue ad iframe... well, if it was Android, you could just block the ads, for example, even with hosts file, or use a different browser, but on iOS you're SoL.

Good thing for Apple this is before iOS6 release, not right after.

Re:And... iOS6 (1)

SuperKendall (25149) | about a year and a half ago | (#41400569)

Worse? People visit a dozen websites every day,

Not ones I don't know well...

How often do they bump phones with somebody else?

Presumably only when you are outside Apple store lines mocking Apple users? That's judging from the short historical documentary I watched. That's just the time an Apple fan might strike with a bump attack though.

to prevent hack via rogue ad iframe...

You have to wait a week or so for the next update, which 90% of the users will get.

Good thing for Apple this is before iOS6 release, not right after.

Nope. iOS6 is out. But it doesn't mean they can't do a quick update, in fact they usually do.

Re:And... iOS6 (0)

Anonymous Coward | about a year and a half ago | (#41400645)

Worse? People visit a dozen websites every day,

Not ones I don't know well...

Bullshit you piece of shit shill. People search for shit constantly on their phone and end up on fuck-all-who-know.com to find stuff. Your apologizing is fail.

Re:And... iOS6 (1)

sarysa (1089739) | about a year and a half ago | (#41400243)

I for one keep my device close, and only leave my phone lying under my car's seat or at home. (For extended periods of time) It doesn't take a security researcher to get my data if they could get close enough for NFC. NFC's real working range is less than 2 centimeters. (You might get lucky beyond 2, but you see what I mean) TFA states that the exploit can also be delivered with more conventional means, so I see no purpose for this article except to cause a panic about NFC. Pretty shameful. And people wonder why Android users claim the media is in Apple's pocket.

Re:And... iOS6 (-1)

grub (11606) | about a year and a half ago | (#41398763)

You have to tether your iOS 6 device to hack it. With this Galaxy 3 NFC hack, a stranger could do it sitting next to you on the bus.

Re:And... iOS6 (4, Informative)

jkflying (2190798) | about a year and a half ago | (#41398821)

Read the link:
http://thenextweb.com/apple/2012/09/19/dutch-security-researchers-hack-apple-iphone-4s-exploiting-safari/ [thenextweb.com]

They did it via a malicious webpage, which IMO is even worse than via NFC.

Re:And... iOS6 (0)

Anonymous Coward | about a year and a half ago | (#41398849)

iOS safari hacks aren't really news though.. you'd think they would close them after 6 os generations but noooo....

Re:And... iOS6 (1)

grub (11606) | about a year and a half ago | (#41398865)

Yeah, I was trying to reply to myself with that but there's a several minute delay between posts. :(

Re:And... iOS6 (2)

Graham J - XVI (1076671) | about a year and a half ago | (#41399263)

They both have web exploits but the Android variety can be triggered simply by being nearby an attacker. The iOS one needs a tricked user.

Re:And... iOS6 (2)

h4rr4r (612664) | about a year and a half ago | (#41400369)

2 centimeters is pretty darn close. How close do you stand to people?

Re:And... iOS6 (2)

Graham J - XVI (1076671) | about a year and a half ago | (#41400513)

The idea being that it's ok to have an insecure wireless interface on your smartphone as long as you don't have to be *too* close to it for it to work?

NFC stations are not usually on other people, they're in stores and random other places that entice you to use it. A hacked or augmented genuine NFC reader could be made to steal your data, for example.

Re:And... iOS6 (1)

h4rr4r (612664) | about a year and a half ago | (#41400783)

I did not say that, I only meant the attack vector is pretty small.

Scanning/running random code in public is as dumb as running an exe you get in an email.

My phone has NFC, that shit is turned off.

Re:And... iOS6 (3, Insightful)

hobarrera (2008506) | about a year and a half ago | (#41400689)

Ever been on the subway or a bus? It's around 0cm in either of those during some hours of the day.

to be fair (3, Insightful)

batistuta (1794636) | about a year and a half ago | (#41398903)

you also need to have NFC enabled on your Galaxy for this to work. NFC is enabled by default, sure. But it can be disabled easily. I also find myself living happily without NFC, but not without tethering, which I use daily during my bus commute.

So my point is that both vulnerabilities suck, and which one sucks the most depends solely on your use-case. There is no point in saying that one device is more secure than the other, both Apple and Google seem to suck big time here. You should not store any sensitive data on your phone.

Re:to be fair (0)

Anonymous Coward | about a year and a half ago | (#41400759)

you also need to have NFC enabled on your Galaxy for this to work. NFC is enabled by default, sure. But it can be disabled easily. I also find myself living happily without NFC

But, but, I was told the iPhone 5 was DOA without NFC!
What to believe? What to believe?

Re:And... iOS6 (0)

Anonymous Coward | about a year and a half ago | (#41399193)

So, if I don't ride the bus, I'm safe?

NFC Doesn't Work That Easily (5, Informative)

Chibi Merrow (226057) | about a year and a half ago | (#41399281)

With this Galaxy 3 NFC hack, a stranger could do it sitting next to you on the bus.

No, they'd have to be sitting next to me on the bus AND physically touch my phone with another device long enough to trigger NFC AND I have to have NFC enabled AND keep the devices in physical contact long enough for the download to complete OR hope that I have an active data connection AND the right web browser set as my default so their specially crafted web page loads to root my device...
Except that (since I have like six web browsers installed) it requires me to interact with the phone to pick the web browser to open the page... A lot more difficult to arrange than "sitting next to someone".

Also, the ASLR implementation is known to be incomplete on ICS. It's apparently fully fixed on Jelly Bean, so this hack shouldn't be possible on the S3 in a couple months, when the update is rolled out. Likewise, all of the Nexus NFC devices have been updated to Jelly Bean, so they're secure.

Yeah, it's sad that the hack was possible, but it was due to flaws in the OS, not due to problems with NFC, and only under a very contrived set of circumstances...

Re:NFC Doesn't Work That Easily (0)

Anonymous Coward | about a year and a half ago | (#41399887)

Also, the ASLR implementation is known to be incomplete on ICS. It's apparently fully fixed on Jelly Bean, so this hack shouldn't be possible on the S3 in a couple months, when the update is rolled out.

When the update is rolled out? That makes me laugh.

Re:NFC Doesn't Work That Easily (0)

Anonymous Coward | about a year and a half ago | (#41400233)

It's apparently fully fixed on Jelly Bean, so this hack shouldn't be possible on the S3 in a couple months, when the update is rolled out.

A couple of months? Based on my Galaxy Tab 10.1 ICS experience, I think a couple of *years* is a better guess.

Re:NFC Doesn't Work That Easily (0)

Anonymous Coward | about a year and a half ago | (#41400615)

First up NFC == RFID. When RFID was discredited for very good reasons, it was simply rebranded as NFC.

Secondly, all this bullshit about NFC being secure because you need close proximity is also bullshit. My credit card issuer insists on giving me cards with this stupid technology built in, and no amount of ranting at them will change their mind. Hackers with pringle can antennae have picked people's pockets from hundreds of metres away via this stupid RFID in a credit card crap, and now they want to put one in my phone as well. I hope someone exploits this hole and hugely embarrasses everyone involved, then maybe RFID / NFC can finally die. But more likely it will just be rebranded again.

Re:NFC Doesn't Work That Easily (2)

hobarrera (2008506) | about a year and a half ago | (#41400721)

1) Average users don't install several browsers.
2) On a subway or any other crowded environment, it's not hard to stay that close to someone for plenty of time.
3) "Rolled in a few months" can also be read as "All S3's will be vulnerable for several more months".
4) Average users don't change the defaults, including disabling the NFC.

Re:And... iOS6 (2)

emho24 (2531820) | about a year and a half ago | (#41399869)

It seems like you have never used NFC on Android devices. On my Android tablet and smartphone, you have to physically press them together and make sure you hit the "sweet spot". It doesn't work when the devices are inches apart.

Re:And... iOS6 (1)

Zizagoo (1848812) | about a year and a half ago | (#41399945)

You have to tether your iOS 6 device to hack it. With this Galaxy 3 NFC hack, a stranger could do it sitting next to you on the bus.

...with your phone unlocked, and your volume muted, and they'd have to touch the exact spot in the middle of that giant phone without being noticed...

Re:And... iOS6 (-1)

Anonymous Coward | about a year and a half ago | (#41398803)

Fucking paid android shill.

Re:And... iOS6 (-1)

Anonymous Coward | about a year and a half ago | (#41398947)

ironic... news post by a paid apple shill

Re:And... iOS6 (0)

Anonymous Coward | about a year and a half ago | (#41398899)

By what means? I don't doubt it was done, but the details would be interesting.

Re:And... iOS6 (0)

Anonymous Coward | about a year and a half ago | (#41398949)

And the most prolific phone hackers are going to be the cops, who probably have keys to any phone at all.

Re:And... iOS6 (5, Funny)

TeRanEX (916440) | about a year and a half ago | (#41399019)

At the same event, they also hacked iOS6. Just to give an unbiased view...

So Apple can now sue Samsung because they copied the 'security issues'-feature from the iPhone into the Galaxy?

lol andoird (0)

Anonymous Coward | about a year and a half ago | (#41399253)

your animes will get hax0red

Re:And... iOS6 (4, Informative)

UnknowingFool (672806) | about a year and a half ago | (#41399751)

Also for unbiased view, Pwn2Own is turn based as far as I remember. So any gloating that X device was first to be pwned is meaningless. Teams register before the contest. Team order is chosen randomly (drawing straws, 12 sided dice, whatever). The first team decides which device to be hacked and is given a time period to do so. If they succeed, they get the device. If the first team fails, the second team gets their chance and choice of device. If the first team succeeds, the next team with an unhacked device goes. Some teams register for multiple devices to get a better chance to win something.

So gloating that iOS or Android was first to be pwned is useless. It doesn't tell anything about ease of hack or relative security of devices. What matters is if they were pwned.

Sure, exactly the same (2, Informative)

SuperKendall (25149) | about a year and a half ago | (#41400499)

Yes, iOS6 was hacked. So if you were lured into visiting some bad web site someone could potentially see your address book and photos - Oh no!

Meanwhile everyone you bump with the S3 could be a carrier of a filthy, filthy disease that would render your entire system open to keyloggers or whatever.

The iOS6 attack is read only, the NFC attack write...

Re:Sure, exactly the same (0)

Anonymous Coward | about a year and a half ago | (#41400733)

You are a complete fucking idiot. Do you even think before you run your dickbeaters over your keyboard, dufus? Come back when you actually know what you're talking about.

Well that stinks (1)

halfEvilTech (1171369) | about a year and a half ago | (#41398739)

Hopefully they actually patch something like this, but knowing Verizon, AT&T, etc it won't for at least 6 months

Re:Well that stinks (2)

dmacleod808 (729707) | about a year and a half ago | (#41399171)

Whilst if Apple acknowledges the security issue, they will fix it pretty quick for ALL devices, OTA.

Re:Well that stinks (1)

hobarrera (2008506) | about a year and a half ago | (#41400745)

How are service providers involved in what updates you install on your OS, which is not developed or maintained by them?

Re:Well that stinks (2)

CoolVC (131998) | about a year and a half ago | (#41400801)

Good question. That's part of the reason I have an iPhone. Less carrier involvement in everything.

NFC no thank you (-1)

Anonymous Coward | about a year and a half ago | (#41398749)

Seriously....NFC is a waste and not needed. And if you say it is needed your an idiot.

Re:NFC no thank you (1)

Anonymous Coward | about a year and a half ago | (#41398965)

No, YOUR an idiot.

Andoird no thank you (-1)

Anonymous Coward | about a year and a half ago | (#41399285)

Seriously....Andorid is a waste and not needed. And if you say it is needed your an idiot or a poor or both.

Re:Andoird no thank you (0)

Anonymous Coward | about a year and a half ago | (#41400769)

Misspell something once and it is a typo. Do it twice and you're a complete fucking idiot. Idiot.

The U.S. will probably mandate the use of NFC now (0)

Terry Pearson (935552) | about a year and a half ago | (#41398765)

This will be a big boon for Android. Given the current infatuation with government invasion of privacy here, government will probably mandate NFC capable phones everywhere now that you can get so much information off of it so easily :-)

Re:The U.S. will probably mandate the use of NFC n (0)

Anonymous Coward | about a year and a half ago | (#41400795)

This is a big boon for trolls. Oh look...

Is it really such a big deal? (4, Informative)

pablo_max (626328) | about a year and a half ago | (#41398781)

I am not totally sure why these handset hacks are always such big news. What are the chances that this can happen to a normal person? One, you would need to have NFC enabled, which people may do, but at least I never do by default. Two, you need physical access to the handset.
Has it not been the case for a very long time that if you lose your handset that someone can use it, NFC or no NFC? Oh, and they need to trigger the exploit 185 times before it worked. I think we are still reasonably safe.

Re:Is it really such a big deal? (3, Interesting)

CimmerianX (2478270) | about a year and a half ago | (#41398835)

The Hacks just prove that there is a rush to implement new technology without considering the security implications of the tech.

This is just history repeating itself. Every company wants to be the first to announce this brand new, 'cool' feature, but none will wait for the 'geeks' to test it for security issues.

Re:Is it really such a big deal? (3, Insightful)

fuzzyfuzzyfungus (1223518) | about a year and a half ago | (#41398989)

The Hacks just prove that there is a rush to implement new technology without considering the security implications of the tech.

This is just history repeating itself. Every company wants to be the first to announce this brand new, 'cool' feature, but none will wait for the 'geeks' to test it for security issues.

The irksome thing is that, while NFC is mildly novel in terms of the RF tricks (supporting both active/passive RFID-type use cases and short-range active/active ones), and I could see there being some teething pains on that side, these attacks are on NFC as an external data bus that wasn't attended to properly... Some sort of 'specially crafted responses cause hard lockup on $FOOCORP NFIC123 chips with firmware 1.0A' attack would be bad; but more or less par for the course. A more generic 'Hi guys! We added another wireless interface to your phone that happily talks to anything nearby by default, and even automatically executes certain local commands based on what it hears, that's cool, right?' mistake is... unimpressive.

NFC may be new; but the fact that an easily accessible external bus would be an attack vector, against which you should be on your guard, sure isn't. It's less clunky than having some 80's 25-pin RS-232 port on the back of your phone; but it's conceptually pretty similar.

Re:Is it really such a big deal? (0)

fast turtle (1118037) | about a year and a half ago | (#41399351)

and this is just one more reason I'm quite happy with my dumb phone and no, it's not even a feature phone. It is simply a phone and that's exactly the way I like it.

Re:Is it really such a big deal? (0)

Anonymous Coward | about a year and a half ago | (#41398955)

I don't think you're qualified to determine that "we are still reasonably safe". And there are definite indications you have a biased opinion towards Android. This whole smartphone fanboyism is completely ridiculous. It's making people ignore legitimate problems that need immediate attention. Downplaying vulnerabilities like this doesn't help anyone so stop it. Android should be held accountable for this and required to immediately patch, as should iOS for their recent exploits, as should Windows phone, BlackBerry and whoever else. The costs that result from mobile exploits aren't limited to the victim and I for one think we should be shaming these companies not brushing it off.

Re:Is it really such a big deal? (0)

Anonymous Coward | about a year and a half ago | (#41399689)

it would be nice if the market would demand that the carriers guarantee an OS upgrade path and update repos for as long as you own your device. instead of wasting 6 months-1year+ crippling a single OS release and then never getting a single update. until the masses realize the absurdity of this arrangement, the carriers will keep treating their customers like they are stupid. maybe the existence of android will increase the numbers exposed to linux(repos+updates) and more will start to question why their phone is different somehow. you already see windows users installing ubuntu at xda-developers so they can hack on android more efficiently.

Re:Is it really such a big deal? (5, Insightful)

vawwyakr (1992390) | about a year and a half ago | (#41399049)

I think that is pretty key here, 185 times at the range of less than an inch or so is basically someone sitting there next to you pretty much touching you for 5 minutes. Obviously this is something that needs to be fixed but I'll hold off on my panic just yet. Even if it worked on the first try someone would have to first identify you as having a vulnerable phone, and where you have it (i.e. which pocket, etc.) then get so close as to be practically touching you and then they have to hope that you have NFC enabled. This isn't some sort of thing you can do just casually walking down the street. It might be an issue for a particular person being targeted but not very likely for a random attack.

Re:Is it really such a big deal? (0)

Anonymous Coward | about a year and a half ago | (#41399139)

No what's key is that it's proven. Who gives a flying F about it happening while you're walking down the street. If you can't think of multiple scenarios where this attack could be executed you're either too dense to discuss the topic or too biased.

Re:Is it really such a big deal? (4, Insightful)

vawwyakr (1992390) | about a year and a half ago | (#41399605)

So that assumption here is what? Someone walks down the street bumping into random strangers repeatedly hoping that:

1) They bump into the side where the stranger's phone was being held.
2) The two phones are perfectly at the same height (presumably in a pocket).
3) The stranger's phone is vulnerable.
4) They have NFC enabled.
5) They could hold the phones in contact for the amount of time necessary to transfer both an overloaded filed (presumably exceeded a buffer limit) and THEN also transfer the app compromised app that allows the actual hack to work (over a connection with a maximum bandwidth of a few hundred kbits/s).
6) Then after the hack succeeded they remained in contact long enough for the data from the stranger's phone to be transferred back to the hacker's phone.

All without anyone noticing? That's all assuming they fix whatever issue was causing it to need to be run 185 times before it finally worked? Assuming those 185 times were the incremental transfers of all the data needed? Again I'm still not scared. And this is fixed in Jelly bean (which my S3 is running...doom on you close talking random guy on the street thinking you finally found someone with an S3 to stand uncomfortably close to!).

Re:Is it really such a big deal? (1)

danomac (1032160) | about a year and a half ago | (#41400459)

If someone bumped into me 185 times, I'd notice and do something about it.

Re:Is it really such a big deal? (1)

vawwyakr (1992390) | about a year and a half ago | (#41400207)

Missed the part about walking down the street, ok so what other anonymous situations do you see? On the bus? Or are we talking about pickpockets? I can see this as an issue for non-anonymous situations (I know that guy and his phone is vulnerable) but for random situations I can't see a lot that would be overly successful. Perhaps you can help me see some of these situations instead of just cussing at me and calling me names?

Re:Is it really such a big deal? (0)

Anonymous Coward | about a year and a half ago | (#41399483)

basically someone sitting there next to you pretty much touching you for 5 minutes.

So slashdot users are safe from this!

Re:Is it really such a big deal? (0)

Anonymous Coward | about a year and a half ago | (#41399749)

Finally, a good reason not to bathe or shave or get my hair cut!

It's for security, mom! Go back upstairs!

Re:Is it really such a big deal? (1)

interkin3tic (1469267) | about a year and a half ago | (#41399127)

One, you would need to have NFC enabled, which people may do, but at least I never do by default.

What ARE the uses for NFC right now? I know Google Wallet works for the Galaxy Nexus and a few phones by Sprint, and ISIS hasn't come out yet, but what are people actually doing with it besides hacking phones and thinking about how at some point in the future, they'll be able to buy coffee with their phone?

Re:Is it really such a big deal? (0)

Anonymous Coward | about a year and a half ago | (#41399659)

It's a big story because it shows such over-the-top astounding shocking unbelievable massive incompetence on the part of the OS maker.

It shows that while on a normal computer, you don't think of just any I/O, e.g.
10 PRINT "ANDROID AND IOS ARE THE WINDOWS 95 OF OUR TIME"
20 GOTO 10
as being potentially unsafe for the entire device, nearly everyone is using garbage where the designers really do get totally basic things wrong, that a typical inexperienced teenager wouldn't screw up.

Android and iOS suck. They aren't merely "below average" but really are the Windows 95 of our time. So bad, so apparently-bad-on-purpose, so much worse than everything you have grown used to, and yet also so ubiquitous, that it's just totally comical.

Such things really are worth talking about. It's like voters actually choosing GWB to be re-elected in 2004. It really happened. The most absurd fiction writer would never think up anything as stupid as reality itself.

Jelly bean fixes this? (2)

Terry Pearson (935552) | about a year and a half ago | (#41398811)

The article eludes to the fact that Jellybean may fix this. All the more reason for carriers and manufacturers to expedite upgrades.

Re:Jelly bean fixes this? (0)

Anonymous Coward | about a year and a half ago | (#41398889)

The article may allude to it, but I doubt it eludes it.

Re:Jelly bean fixes this? (1)

fuzzyfuzzyfungus (1223518) | about a year and a half ago | (#41399009)

By 'upgrade', you mean the new handset that you get for 'free' when you sign my two-year service contract, right consumer?

Re:Jelly bean fixes this? (1)

BradleyUffner (103496) | about a year and a half ago | (#41399801)

By 'upgrade', you mean the new handset that you get for 'free' when you sign my two-year service contract, right consumer?

Cyanogen Mod.

Not exactly practical (3, Informative)

ThunderBird89 (1293256) | about a year and a half ago | (#41398863)

Given the short range and low bandwidth (424 kilobits/s) of NFC technology, this is more of an esoteric attack than a practical one. I think I'd notice someone shadowing me with a hand at my pocket to connect to my Nexus S via its NFC chip and pull data from it...
Still, it's a show of force (and vulnerabilities).

Re:Not exactly practical (3, Interesting)

jkflying (2190798) | about a year and a half ago | (#41398977)

They don't need to. Just upload a little executable that sends everything over wifi/3G to them, and listens to new commands over those interfaces as well.

Re:Not exactly practical (5, Insightful)

fuzzyfuzzyfungus (1223518) | about a year and a half ago | (#41399087)

The more worrisome thing is probably that NFC is built in in the hope that swiping it all over the place against untrusted devices will become a normal behavior (sort of the way that attacks against the USB charge/data port are wildly impractical, until random charging kiosks start popping up in airports and all over the place, at which point behavioral protection goes out the window, and a bunch of systems intended only to connect to your home PC start getting shoved into god-knows-what...). Sure, as an attack to execute against the phone in your pocket, it is only marginally more practical than making a stab for the USB port; but if the happy-magic-future-of-even-more-middlemen-and-fees comes to pass, you'll see anywhere between several and dozens of readers a day getting a chance to try whatever they want when you shove your phone onto the pad (plus, if ATMs and mag stripe skimming are any indication, it will be about 20 minutes before somebody comes out with a nice little stick-on thin-circuit-in-rugged-sticker NFC 'skimmer' that can be planted on top of legitimate NFC pads and will do its best to MitM legitimate conversations or attack devices while they converse with the genuine NFC pad and log the results).

Security by Obscurity? (0)

Anonymous Coward | about a year and a half ago | (#41399213)

424kb/s is 42k/second is all your telephone contacts, email addresses etc per second. That's plenty for a major heist. It was only a few years back that 128kbps was called broadband FFS (2004 my DSL was 128kbps).

Short range is a fairer comment, but even so, someone will simply invent a booster antenna like they did with Bluetooth hacks to expand the range. Hacking the person sitting in front of you on the bus or next to you on the train is quite feasible.

Basically Samsung or Google screwed up, the best course of action is hands up, then a quick fix, followed by detailed analysis of all the other front facing code to see what else might be hiding. Denial never works in these situations.

Re:Not exactly practical (1)

Anonymous Coward | about a year and a half ago | (#41400835)

It's only short range with standard consumer equipment. There's nothing stopping someone from boosting the signals. It's like claiming wifi or bluetooth is secure because the range is within your building. That malicious guy over there has no problem using a booster (or even just a simple yagi)

It's a good thing I don't go bumping/grinding (3, Informative)

BMOC (2478408) | about a year and a half ago | (#41398887)

against random hackers while having my cell phone in my pocket at the geek-overloaded dance clubs on a regular basis... I guess I'm safe for now.

Key phrase from the report: by holding two Galaxy S 3s next to each other.

Re:It's a good thing I don't go bumping/grinding (0)

Anonymous Coward | about a year and a half ago | (#41399089)

Until they start placing skimmers on NFC readers or whatever they are called, just like they do with ATMs.

Re:It's a good thing I don't go bumping/grinding (1)

Zizagoo (1848812) | about a year and a half ago | (#41400057)

But practically any app which interacted with an NFC reader would force the phone into write mode, which blocks incoming packets. Otherwise you'd never get the chance to write...

Re:It's a good thing I don't go bumping/grinding (0)

Anonymous Coward | about a year and a half ago | (#41399245)

Like sitting on the bus/train?

Re:It's a good thing I don't go bumping/grinding (1)

Bill Dimm (463823) | about a year and a half ago | (#41400127)

Like sitting on the bus/train?

The trick is to get onto the bus/train smelling really bad, so nobody will dare get close to you. Many people seem to already be employing this technique.

Re:It's a good thing I don't go bumping/grinding (0, Troll)

Anonymous Coward | about a year and a half ago | (#41399359)

Another S3 isn't a requirement, it was just demonstrated like that, you fucktard.

Doesn't this violate Apple's new NFC/TSA patent? (0)

Anonymous Coward | about a year and a half ago | (#41399117)

I mean, that's exactly what Apple's patent lets the TSA do to your phone.

Going to sum up what I see as the threat here (1)

vawwyakr (1992390) | about a year and a half ago | (#41399641)

I posted this above but here's what I see (maybe I'm missing something so help me out). So the assumption of danger here is what? Someone walks down the street bumping into random strangers repeatedly hoping that:

1) They bump into the side where the stranger's phone was being held.
2) The two phones are perfectly at the same height (presumably in a pocket).
3) The stranger's phone is vulnerable.
4) They have NFC enabled.
5) They could hold the phones in contact for the amount of time necessary to transfer both an overloaded filed (presumably exceeded a buffer limit) and THEN also transfer the compromised app that allows the actual hack to work (over a connection with a maximum bandwidth of a few hundred kbits/s).
6) Then after the hack succeeded they remained in contact long enough for the data from the stranger's phone to be transferred back to the hacker's phone.

All without anyone noticing? That's all assuming they fix whatever issue was causing it to need to be run 185 times before it finally worked? Assuming those 185 times were the incremental transfers of all the data needed? Again I'm still not scared. And this is fixed in Jelly Bean (which my S3 is running...doom on you close talking random guy on the street thinking you finally found someone with an S3 to stand uncomfortably close to!).

Re:Going to sum up what I see as the threat here (1)

BradleyUffner (103496) | about a year and a half ago | (#41399889)

I posted this above but here's what I see (maybe I'm missing something so help me out).
So the assumption of danger here is what? Someone walks down the street bumping into random strangers repeatedly hoping that:

1) They bump into the side where the stranger's phone was being held.
2) The two phones are perfectly at the same height (presumably in a pocket).
3) The stranger's phone is vulnerable.
4) They have NFC enabled.
5) They could hold the phones in contact for the amount of time necessary to transfer both an overloaded filed (presumably exceeded a buffer limit) and THEN also transfer the compromised app that allows the actual hack to work (over a connection with a maximum bandwidth of a few hundred kbits/s).
6) Then after the hack succeeded they remained in contact long enough for the data from the stranger's phone to be transferred back to the hacker's phone.

All without anyone noticing? That's all assuming they fix whatever issue was causing it to need to be run 185 times before it finally worked? Assuming those 185 times were the incremental transfers of all the data needed? Again I'm still not scared. And this is fixed in Jelly Bean (which my S3 is running...doom on you close talking random guy on the street thinking you finally found someone with an S3 to stand uncomfortably close to!).

This could be done similar to the way bank card skimmers work. Place a fake NFC device in a situation where a real one would be likely (gas station pump for example). Then sit and wait for people to try and use it.

Take over meaning root access? (0)

Anonymous Coward | about a year and a half ago | (#41399767)

If that's the case, someone is probably already making a root-access-giving program that works through phone-to-phone NFC as we speak.
Although... transmission through intimate contact? That sounds awfully like an STD...

Only on Slashdot (5, Insightful)

EGSonikku (519478) | about a year and a half ago | (#41400109)

Someone discusses an NFC hack to root and steal data off Android and half the posts are "Apple isn't secure either!"

Focus, people! Slashdot is supposed to be the home of Linux and Open Source and über hacks! Why isn't anyone disseminating how this hack works and posting some kind of work-around that isn't just "Don't use NFC" (a feature which Apple gets derided for not having)?

Remember, a fix isn't "Don't use NFC and switch to another browser." Let's assume a user *likes* NFC, and *likes* his web browser as it is. Let's *fix* the problem here. Any thoughts or conjecture?

Re:Only on Slashdot (1)

vawwyakr (1992390) | about a year and a half ago | (#41400299)

Well, based on the article it sounds like it's already fixed in the current version of Android. So not much to focus on I suppose?

Re:Only on Slashdot (1)

jo_ham (604554) | about a year and a half ago | (#41400713)

Well, based on the article it sounds like it's already fixed in the current version of Android. So not much to focus on I suppose?

The 2% of Android users that have the current version are safe then!

Feature deactivation (0)

Anonymous Coward | about a year and a half ago | (#41400253)

Turns out users can simply deactivate NFC when they're not using it. I do these things with WiFi, GPS and Bluetooth. Both for security and battery-saving purposes.

Pwn2Own my Ass (0)

Anonymous Coward | about a year and a half ago | (#41400711)

That NFC exploit was F'n WEAK!
C'mon dudes. Seriously? You can do better!

"As you can see, (glaven!) with the use of a willing victim who stands perfectly still; a soldering iron and logic probe; 'Don't touch!'; we can subvert the phone after one hour. Why anyone would want to use such a dangerous communication medium is beyond me. (a-hem!)"

185 Attempts needed? (0)

Anonymous Coward | about a year and a half ago | (#41400843)

"The flaw had to be triggered 185 times in the exploit code in order to overcome some of the vulnerability’s limitations."

While I'm certain the exploit could be improved, I'm fairly certain that if it takes 185 tries to work, it is not practical to exploit this in the wild at this time.
