Mobile phones equipped with Near Field Communication technology may fall victim to a new type of attack that does not require physical interaction with the phone. A proof of concept attack demonstrated by security researcher Charlie Miller of Accuvant Labs uses Near Field Communication technology paired with well-known vulnerabilities in the Android platform to compromise the integrity of the smartphone.
The demonstration, performed during the BlackHat conference in Las Vegas, revealed that an attacker can set up NFC-based radio communication with the phone by simply placing a compromised tag near the phone. When the phone senses the tag, it automatically runs the browser and accesses the specified website. For demonstration purposes, Miller forced the device to visit a page that exploited a vulnerability in the Webkit browser of Android versions older than Gingerbread.
Android is not the only platform vulnerable to this kind of attack. The same demonstration was performed on a Nokia N9, powered by theMeeGo operating system.
“What that means is with an NFC tag, if I walk up to your phone and touch it, or I just get near it, your Web browser, without you doing anything, will open up and go to a page that I tell it to,” Miller said quoted by BGR. “So instead of the attack surface being the NFC stack, the attack surface really is the whole Web browser and everything a Web browser can do. I can reach that through NFC.”
Although the attack vector is extremely unusual and requires nearly no interaction with the victim’s smartphone, the attack requires that the malicious tag be placed very close to the targeted smartphone.