Great use for NFC: Hacking a Samsung Galaxy S3 and Android

Security researchers participating in the Mobile Pwn2Own contest at the EuSecWest Conference in Amsterdam today demonstrated how to hack Android through Near Field Communication (NFC). The zero-day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S III running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were chained to completely take over the device and download all the data from it.

Perfect!
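The NFC side of this is worth seeing concretely. An NFC tag or an Android Beam push hands the phone an NDEF message, and the type field of each record decides which app receives the payload, so every byte of that message is attacker-controlled input arriving over the air. The parser below is an added example (not MWR Labs' exploit and not code from the post): it bounds-checks every declared length against the bytes actually present before slicing, refuses chunked records, and routes records through a hypothetical allow-list rather than opening whatever arrives. The two sample messages are constructed for illustration.

```python
"""Bounds-checked parser for NDEF messages, the record format that NFC tags
and Android Beam push to a phone.  Added example, not code from MWR Labs or
the original post; the sample messages below are constructed."""
from __future__ import annotations
import struct
from dataclasses import dataclass

TNF_WELL_KNOWN = 0x01    # NFC Forum RTD types such as 'U' (URI) and 'T' (text)
TNF_MIME = 0x02          # RFC 2046 media type, e.g. application/pdf
TNF_ABSOLUTE_URI = 0x03

FLAG_MB, FLAG_ME, FLAG_CF, FLAG_SR, FLAG_IL = 0x80, 0x40, 0x20, 0x10, 0x08

# First payload byte of a 'U' record selects an abbreviation (NFC Forum URI RTD).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}

# Hypothetical allow-list of MIME types a handset lets itself open from a
# beamed message; anything else is refused instead of dispatched to a viewer.
ALLOWED_MIME = {b"text/plain", b"text/vcard"}


class NdefError(ValueError):
    """Structurally invalid message; the caller must not dispatch any of it."""


@dataclass
class NdefRecord:
    tnf: int
    type: bytes
    id: bytes
    payload: bytes


def parse_ndef(msg: bytes) -> list[NdefRecord]:
    """Parse a complete NDEF message, validating each length before slicing."""
    records, pos, n = [], 0, len(msg)
    while True:
        if pos + 2 > n:
            raise NdefError("truncated record header")
        flags, type_len = msg[pos], msg[pos + 1]
        pos += 2
        if not records and not (flags & FLAG_MB):
            raise NdefError("first record lacks MB flag")
        if flags & FLAG_CF:
            raise NdefError("chunked records not supported")
        if flags & FLAG_SR:                       # 1-byte payload length
            if pos + 1 > n:
                raise NdefError("truncated payload length")
            payload_len, pos = msg[pos], pos + 1
        else:                                     # 4-byte big-endian length
            if pos + 4 > n:
                raise NdefError("truncated payload length")
            payload_len, pos = struct.unpack(">I", msg[pos:pos + 4])[0], pos + 4
        id_len = 0
        if flags & FLAG_IL:
            if pos + 1 > n:
                raise NdefError("truncated id length")
            id_len, pos = msg[pos], pos + 1
        # The sender controls all three lengths: check their sum against what
        # is present (in C this sum must also be guarded against overflow).
        if pos + type_len + id_len + payload_len > n:
            raise NdefError("declared lengths exceed message size")
        rtype, pos = msg[pos:pos + type_len], pos + type_len
        rid, pos = msg[pos:pos + id_len], pos + id_len
        payload, pos = msg[pos:pos + payload_len], pos + payload_len
        records.append(NdefRecord(flags & 0x07, rtype, rid, payload))
        if flags & FLAG_ME:
            break
    if pos != n:
        raise NdefError("trailing bytes after ME record")
    return records


def encode_record(tnf: int, rtype: bytes, payload: bytes,
                  first: bool = True, last: bool = True) -> bytes:
    """Build a short-record (SR) NDEF record; type and payload must fit in one byte."""
    if len(payload) > 255 or len(rtype) > 255:
        raise ValueError("short record limits exceeded")
    flags = FLAG_SR | (tnf & 0x07) | (FLAG_MB if first else 0) | (FLAG_ME if last else 0)
    return bytes([flags, len(rtype), len(payload)]) + rtype + payload


def decode_uri(rec: NdefRecord) -> str:
    """Expand a well-known 'U' record into its full URI string."""
    if rec.tnf != TNF_WELL_KNOWN or rec.type != b"U" or not rec.payload:
        raise NdefError("not a URI record")
    prefix = URI_PREFIXES.get(rec.payload[0])
    if prefix is None:
        raise NdefError(f"unknown URI prefix code {rec.payload[0]:#x}")
    return prefix + rec.payload[1:].decode("utf-8")


def classify(rec: NdefRecord) -> str:
    """Name the handler a record would be routed to, or mark it rejected."""
    if rec.tnf == TNF_WELL_KNOWN and rec.type == b"U":
        return "uri:" + decode_uri(rec)
    if rec.tnf == TNF_MIME:
        mime = rec.type.lower()
        label = mime.decode("ascii", "replace")
        return ("mime:" if mime in ALLOWED_MIME else "rejected:") + label
    return "rejected:tnf%d" % rec.tnf


def safe_classify(msg: bytes) -> list[str]:
    """Parse and classify; any structural error becomes a single rejection."""
    try:
        return [classify(r) for r in parse_ndef(msg)]
    except NdefError as e:
        return ["rejected:" + str(e)]


# Constructed sample: a URI record followed by a PDF attachment, as a tag or
# Beam push might carry.  The PDF is refused by the allow-list above.
SAMPLE_MSG = (
    encode_record(TNF_WELL_KNOWN, b"U", b"\x04" + b"example.com/doc.pdf", first=True, last=False)
    + encode_record(TNF_MIME, b"application/pdf", b"%PDF-1.4\n", first=False, last=True)
)
# Constructed malformed sample: header claims 255 payload bytes but supplies 3.
MALFORMED_MSG = bytes([FLAG_MB | FLAG_ME | FLAG_SR | TNF_WELL_KNOWN, 1, 255]) + b"U" + b"\x04abc"

if __name__ == "__main__":
    print(safe_classify(SAMPLE_MSG))
    print(safe_classify(MALFORMED_MSG))
```

The point of the length check is that a parser which trusts the declared payload length and copies that many bytes is exactly the kind of memory-safety bug a beamed record can trigger; the allow-list is there because the comments below are right that the content, not the radio, is what gets exploited, and the radio just removes the need for the victim to click anything.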



  • http://www.johncblandii.com John C. Bland II

    Ouch!

    • MacsenMcBain

      Kinda gives a new meaning to “open.”

      • http://www.johncblandii.com John C. Bland II

        Nope, it doesn’t. See my other comment. iOS isn’t flawless either.

        Open or closed…hackers hack. ;-)

  • http://www.johncblandii.com John C. Bland II

    Seems iOS has its hack problems too: http://thenextweb.com/apple/2012/09/19/dutch-security-researchers-hack-apple-iphone-4s-exploiting-safari/

    link from the above referenced post

  • Chris

    “The attack isn’t limited to NFC though; it can also be abused via other attack vectors, such as malicious websites or email attachments.”

    This is a pretty poor attempt to discredit NFC/Samsung.

    • http://www.appleoutsider.de/ AppleOutsider.de – Sebastian P

      The problem is that you can boost any NFC signal. This enables a hacker to basically sit in a Starbucks and hack every single Samsung S III user that comes within a couple of meters.

      That IS a significantly different attack vector than the iOS hack linked above because you can expect someone who comes into a store to most likely come back later on. If you get all their contact data, all their emails et cetera, you could use a program to check if they have a GMail or MobileMe/iCloud account set up, request a password reset, catch that reset email while they wait for their latte, and change their info while they are in the store, while having ALL their data from their address book, e.g. also their home address because you usually have an entry for yourself in your address book as well.

      This is ideal for any regular burglar. You just sit there waiting for locals to show up and you basically get a shopping list where to go in the next couple of weeks.

      Simply setting up a website doesn’t generate that. People need to visit a website on their own (even though there are scenarios where you could set up a honeypot to get local people to visit your sites, because you have to register a website and pay for it you’ll be a thousand times easier to hunt down via said information). E-mail would be less trackable but you’d still have to get those e-mails sent to you in some way. Even that is a couple of times more dangerous for you as a hacker.

      And nobody in a Starbucks is even going to look at you funny because you are sitting there with a laptop “working”. All you’d have to do is not come back to that exact same Starbucks over and over because the only way you could be found is via a signal detector.

      It really isn’t the same and it IS a good point and valid criticism for NFC. The sheer fact alone that TNW linked to an iOS hack in that article makes me even WANT Apple not to put ANY near range technology into their phones.

      Which kind of brings me to the shitty security implementation in WhatsApp. On iOS they use the WLAN adapter’s MAC address and just like in the example above you at the moment only have to sit in a Starbucks with an open WLAN and you can hack EVERY single WhatsApp user that comes near you. You can completely take over their WhatsApp account because there’s virtually no real security measure implemented by the makers of WhatsApp. It’s beyond me how Apple approved that app in the first place. You’d think that the security measures in such a crucial App would be vetted more intensely.

  • Zeatrix

    Seriously, people. All devices have security problems, whether it be Apple’s, Samsung’s, Nokia’s, Sony’s, HTC’s or anyone else’s. It’s just a fact of software engineering.

  • http://www.techthirst.com/ Anuj Ahooja

    It says this problem was solved in Jelly Bean.

    What did you call bad journalism? Oh, right: Lazy Bullshit Reporting.

    • gjgustav

      Yes, but most Android users can’t upgrade their OS.

      • http://www.techthirst.com/ Anuj Ahooja

        My point was that in the title Jim makes it seem like it’s a problem with NFC when in reality Google slipped up on the software end.

        • gjgustav

          Who cares? The point is that there are lots of Android phones out there that can be hacked through NFC. Whether it’s the fault of the hardware or software is irrelevant. It’s always the fault of software. Hardware doesn’t do anything without software.

          • http://www.techthirst.com/ Anuj Ahooja

            …yes. The article states that. You’re completely missing my point.

            Ever since the iPhone was announced without NFC, Apple bloggers such as Jim, MG, and Gruber have been making up excuses as to why NFC is “useless”. This is just another one of those.

          • Sharon_Sharalike

            You use some interesting phrasing. Jim’s doing “bad journalism,” Apple bloggers are “making up” excuses, but Google only “slipped up.” That little “slip up” allows complete control over the device, including surreptitious use of the telephone. Be sure to check your mailbox for that $6,000 phone bill for a few hundred calls to 1-900-HOT-PWND.

          • gjgustav

            No, this particular article pointed out not that NFC is useless but that it can also be insecure as well.

            Unless of course you are asserting that Apple’s implementation would have been completely bug free and secure, so NFC on the iPhone is really nothing to worry about, and that only Google would screw it up. If that is the point you were trying to make, my apologies.