A recent security conference revealed several shortcomings in the near field communication (NFC) technology implemented in Android devices and at the same time, several problems with its use in Nokia devices were also brought to light. Charlie Miller, a security specialist, showed at the recent Black Hat conference, that the NFC feature is turned on by default in Android devices and the same can be used to hijack the smartphones.
The way NFC works is that the device looking to transmit information to the phone has a built-in antenna and when the phone comes in close proximity, the data is transferred. Usually, stickers and smart cards use NFC to send data such as phone numbers and Web addresses to smartphones. However, the same technique can be used to hack into the phone and steal data from it. Attacking using NFC involves using a concealed reader that is near a smart card and involves sending information from the phone to a malicious website using the Android Beam feature in the phones. Beam on Android phones is more than just a way to make payments with the phone, but it is a viable alternate to Bluetooth to send large data such as videos and pictures.
Miller, in a demonstration showed how he was perfectly capable of taking control over the phone, starting with the browser and using nothing more than access to the Beam facility inside it. It also needed the cooperation of the browser, but that was simple enough considering that there was a bug in it that could be exploited with ease. He went on to suggest that attacks could be carried out through unsuspecting places such as tags in movie posters or point of sale locations. This way, the phone could be directed to a virulent website or the payment will be made into the wrong account.
The alternate to such problems is that the NFC facility should not be given the authorization to make payments directly, but rather it should take an input from the user. It was found that the issues could be fixed on the Ice Cream Sandwich but not on the Gingerbread OS. The problems are not exclusive to Android and Miller found issues on the MeeGo running N9 that allows for automatic authorization of devices via NFC when it is enabled. All these issues are something Apple should consider before it incorporates NFC into its future devices.