“Smartphones’ growing adoption of so-called ‘near field communications’ promises to let the device in your pocket wirelessly make payments, beam info to other phones, and seamlessly sync with nearby computers,” Andy Greenberg reports for Forbes. “It might also let an artful hacker pickpocket your private information right through your clothes.”
“At the Black Hat security conference Wednesday… Android hacker Charlie Miller plans to present a grab bag of new tricks that allow him to take complete control of Android and Nokia phones simply by bringing another device or just a chip within a few inches of the target gadget,” Greenberg reports. “Miller, who works for security firm Accuvant but whose research was also funded in part by the Pentagon’s research arm the Defense Advanced Research Projects Agency, found that he could simply flash a near-field-communications (NFC) tag containing a chip next to an Android Nexus S phone to load a malicious url in the phone’s browser through a feature that Google calls Android Beam. From there, he was able to exploit a second, older vulnerability in the phone’s browser to take complete control of the device through the rigged website, accessing any information stored on its SD card or potentially installing software to monitor its communications.”
Greenberg reports, “In other words, by merely brushing up against someone in a crowded room, Miller could hijack his or her handset.”
Read more in the full article here.
[Thanks to MacDailyNews Reader “David G.” for the heads up.]