Andre Yoskowitz
27 Jul 2012 19:34
During the Black Hat security conference this week, both Nokia and Samsung devices were hacked due to an NFC vulnerability.
NFC, which is still in its infancy, is now becoming a standard on new smartphones and analysts expect NFC to be used in $180 billion worth of consumer purchases by 2017.
Charlie Miller, a principal research consultant at security firm Accuvant, hacked a Samsung Nexus S, a Galaxy Nexus and a Nokia N9: "It turns out that through NFC, using technology like Android Beam or NDEF [NFC Data Exchange Format] content sharing, one can make some phones parse images, videos, contacts, office documents, even open up Web pages in the browser, all without user interaction."
NFC-based mobile systems have been slow to adoption, with the number one reason usually being security.
Most companies offer at least one NFC-enabled phone, and the big hitter, Apple, is expected to add the functionality with their upcoming iPhone 5 in October.
In his demonstration, Miller used NFC to send someone else's phone to a malicious website: "If I walk up to your phone and touch it, or I just get near it, your Web browser, without you doing anything, will open up and go to a page that I tell it to."
Additionally, a concealed NFC tag placed on a payment terminal or other legitimate NFC-enabled device can be used to take control of the device, as long as they are unlocked.
These issues will certainly need to be resolved before NFC can become mainstream.