Researcher takes complete control of Android and Nokia phones by merely waving another device near them

“Smartphones’ growing adoption of so-called ‘near field communications’ promises to let the device in your pocket wirelessly make payments, beam info to other phones, and seamlessly sync with nearby computers,” Andy Greenberg reports for Forbes. “It might also let an artful hacker pickpocket your private information right through your clothes.”

“At the Black Hat security conference Wednesday… Android hacker Charlie Miller plans to present a grab bag of new tricks that allow him to take complete control of Android and Nokia phones simply by bringing another device or just a chip within a few inches of the target gadget,” Greenberg reports. “Miller, who works for security firm Accuvant but whose research was also funded in part by the Pentagon’s research arm the Defense Advanced Research Projects Agency, found that he could simply flash a near-field-communications (NFC) tag containing a chip next to an Android Nexus S phone to load a malicious url in the phone’s browser through a feature that Google calls Android Beam. From there, he was able to exploit a second, older vulnerability in the phone’s browser to take complete control of the device through the rigged website, accessing any information stored on its SD card or potentially installing software to monitor its communications.”

Greenberg reports, “In other words, by merely brushing up against someone in a crowded room, Miller could hijack his or her handset.”

Read more in the full article here.

[Thanks to MacDailyNews Reader “David G.” for the heads up.]

31 Comments

      1. Yet again, x proves that his inability to produce a user-name comprising more than one letter extends to his other intellectual capabilities. It’s been shown recently that Corvids have an intelligence equal to that of a seven year-old child; I’d say that x falls even further behind your average crow.

  1. It’s not a bug it’s a special Android feature in the like-minded and admiring Google evil. If iPhone is a “walled garden” surely Android is a “walled prison” where inmates get hard-reamed daily, hourly & every second.

    1. Anyone is free to walk away from Apple’s “walled garden” if he is not happy. But no one is able to free himself from Google’s “‘freedom’ gulag”. Once he surrenders his personal details to Google, he will be imprisoned for life. He will be tracked 24 hours daily until he’s dead because Google will never agree to give up what it considered to be the bargain in hell: Google gives free baubles in exchange for one’s soul for life.

    2. No it really is a feature, for gooogle. It allows their soon to be deployed “camera people” to quickly and easily scan the contents of your mobile device.

      You see, google determined that their “camera cars” were not nearly invasive enough, just taking pictures of the outside of you house and logging your wifi (and any data, passwords, etc, that they could grab) just weren’t enough anymore.
      So, they conceived of an idea of getting college students to wear a 360° “camera hat” which will photograph people constantly, in normal google tradition of privacy invasion they will also be logging any wifi data they can get. Not to be satisfied they have created a new program called “give the idiots an ice cream sandwich wile sucking their data out the other end” (yes it was a bit wordy;-) This is a “feature” in android which allows google to scan, retrieve and store (for later analysis and resale) the entire contents of your android device.

      /i/s

  2. Wow. That’s got to be one of the best hacks (and worst vulnerabilities) I’ve ever heard of. Will be interesting to hear more details as they emerge, like if later android browsers have already patched this hole.

  3. Stealing, Lies, Bribery, Extortion, Hacking…. Is this not business as usual for Google? No worries, none should be concerned with such petty exploits, especially from such a trustworthy company such as Gaagle. Smirk 😏

    1. Yup. Apple will try to do better but I think it will be hacker heaven no matter who develops a system. There are areas of technology that are just simply dangerous. I believe this will be one of those areas. But credit card identification information is stolen by the millions and we keep using credit cards so who knows?

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.