“Smartphones’ growing adoption of so-called ‘near field communications’ promises to let the device in your pocket wirelessly make payments, beam info to other phones, and seamlessly sync with nearby computers,” Andy Greenberg reports for Forbes. “It might also let an artful hacker pickpocket your private information right through your clothes.”
“At the Black Hat security conference Wednesday… Android hacker Charlie Miller plans to present a grab bag of new tricks that allow him to take complete control of Android and Nokia phones simply by bringing another device or just a chip within a few inches of the target gadget,” Greenberg reports. “Miller, who works for security firm Accuvant but whose research was also funded in part by the Pentagon’s research arm the Defense Advanced Research Projects Agency, found that he could simply flash a near-field-communications (NFC) tag containing a chip next to an Android Nexus S phone to load a malicious url in the phone’s browser through a feature that Google calls Android Beam. From there, he was able to exploit a second, older vulnerability in the phone’s browser to take complete control of the device through the rigged website, accessing any information stored on its SD card or potentially installing software to monitor its communications.”
Greenberg reports, “In other words, by merely brushing up against someone in a crowded room, Miller could hijack his or her handset.”
Read more in the full article here.
[Thanks to MacDailyNews Reader “David G.” for the heads up.]
So Android and Nokia are unsecure pieces of crap. And your point is??
Duhhh. ummmm, whats your, ummmm, point. Duhhhh. Uhh, I like mean, man, like, like, duhhhhh. You win the dunce of the day award.
His point is that recognizing sarcasm requires intellect.
How you liking that un-walled garden now, droid-boy?
Yet again, x proves that his inability to produce a user-name comprising more than one letter extends to his other intellectual capabilities. It’s been shown recently that Corvids have an intelligence equal to that of a seven year-old child; I’d say that x falls even further behind your average crow.
It’s not a bug it’s a special Android feature in the like-minded and admiring Google evil. If iPhone is a “walled garden” surely Android is a “walled prison” where inmates get hard-reamed daily, hourly & every second.
Yeah, yeah; Android is OPEN to everything.
Way to go Eric the Mole, what a technical tour de force of technological understanding & excellence!
Anyone is free to walk away from Apple’s “walled garden” if he is not happy. But no one is able to free himself from Google’s “‘freedom’ gulag”. Once he surrenders his personal details to Google, he will be imprisoned for life. He will be tracked 24 hours daily until he’s dead because Google will never agree to give up what it considered to be the bargain in hell: Google gives free baubles in exchange for one’s soul for life.
No it really is a feature, for gooogle. It allows their soon to be deployed “camera people” to quickly and easily scan the contents of your mobile device.
You see, google determined that their “camera cars” were not nearly invasive enough, just taking pictures of the outside of you house and logging your wifi (and any data, passwords, etc, that they could grab) just weren’t enough anymore.
So, they conceived of an idea of getting college students to wear a 360° “camera hat” which will photograph people constantly, in normal google tradition of privacy invasion they will also be logging any wifi data they can get. Not to be satisfied they have created a new program called “give the idiots an ice cream sandwich wile sucking their data out the other end” (yes it was a bit wordy;-) This is a “feature” in android which allows google to scan, retrieve and store (for later analysis and resale) the entire contents of your android device.
/i/s
Wow. That’s got to be one of the best hacks (and worst vulnerabilities) I’ve ever heard of. Will be interesting to hear more details as they emerge, like if later android browsers have already patched this hole.
So that’s what they mean about android being open?
“Open”, as in legs spread wide.
Open as in bent over and ankles grabbed.
don’t forget arms and legs being tied too
You gotta pick a pocket or two
Alec Hardison does that every week on Leverage. It’s the age of the geek, baby.
leverage fan 😉
. 1
Stealing, Lies, Bribery, Extortion, Hacking…. Is this not business as usual for Google? No worries, none should be concerned with such petty exploits, especially from such a trustworthy company such as Gaagle. Smirk 😏
Ok, I admit it. Android is more open. Sharing is caring!
This is in line with expectations.
These security issues with NFC is possibly the reason why Apple has yet to introduce that technology into the iPhone. Chances are any phone with NFC is open to the same type of fraud.
Yup. Apple will try to do better but I think it will be hacker heaven no matter who develops a system. There are areas of technology that are just simply dangerous. I believe this will be one of those areas. But credit card identification information is stolen by the millions and we keep using credit cards so who knows?
We all know Andriod is very “open”, so this finding did surprise me at all
As an iPhone and iPad user, I am more interested in finding out Charles Miller’s latest iOS and Mac OS X hacks.
BTW, did Charles Miller used to work for NSA?
Damn auto correct. I meant to say “… Didn’t surprise me at all …”
I love how they call him a “Researcher” now lol.
@iCupertino
I was thinking of a different guy… yes he did work for the NSA for 5 years.
http://en.wikipedia.org/wiki/Charlie_Miller_(security_researcher)
Google wanted their devices to be hackable, not crackable.
To quote Steve Ballmer’s Zune
“Welcome to the social.”
If Charlie Miller is involved, he’ll be able to figure out convenient hacks for iOS devices as well.
Haven’t all of his iOS and OS X hacks so far been cheating, where he disabled normal default security on the device prior to hacking it?
Sounds like Apple’s lack of NFC is the real security advantange here for iOS.