- Top 10 Recession-Proof IT Jobs
- 7 Hot IT Jobs That Will Land You a Higher Salary
- Link Building Strategies and Tips for 2014
- Top 10 Accessories for Your iPad Air
Network World - At the Black Hat Conference in Las Vegas Wednesday, Accuvant Labs researcher Charlie Miller showed how he figured out a way to break into both the Google/Samsung Nexus S and Nokia N9 by means of the Near Field Communication (NFC) capability in the smartphones.
NFC is still new but it’s starting to become adopted for use in smartphone-based purchasing in particular. The experimentation that Miller did, which he demonstrated at the event, showed it’s possible to set up NFC-based radio communication to share content with the smartphones to play tricks, such as writing an exploit to crash phones and even in certain circumstances read files on the phone and more.
|Black Hat panel: Which do you trust less with your data, the U.S. government or Google?|
|Tatu Ylonen, father of SSH, says security is 'getting worse'|
|Researcher wows Black Hat with NFC-based smartphone hacking demo|
|Black Hat: Cyber-espionage operations vast yet highly focused, researcher claims|
“I can read all the files,” said Miller about how he managed to break into the Nokia 9 when his home-made NFC-based device is in very close proximity to the targeted smartphone. “I can make phone calls, too.” Vulnerabilities he identified in the Android-powered Nexus S were located in the browser surface, he said. NFC works at near-contact range, and it could not be used to attack from any distance.
Miller said his efforts involved nine months of experimentation with NFC “fuzzing” techniques, and help from a cast of friends and fellow researchers. He said he plans to make his home-grown NFC fuzzing tool available to help with testing of NFC implementations “since there really aren’t any today.”
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: firstname.lastname@example.org.
Read more about security in Network World's Security section.