Charlie Miller Strikes Again, Hacks Android and MeeGo Devices using NFC at Black Hat Conference

Back when Near Field Communication (NFC) technology was just becoming known, there were some who worried that it would create yet another potential attack vector for mobile devices by dint of being a wireless technology over which users would be transmitting sensitive payment or personal data. The general consensus seemed to be, however, that unlike WiFi and Bluetooth, NFC would beam data at such a close range--just an inch or so--that even if it were hackable, it would be too difficult for a criminal to intercept the signal.

Thanks to hacker Charlie Miller, that’s all out the window. At the Black Hat Conference (which, incidentally, is absolutely the worst place on the planet to try and get a secure wireless connection), Miller demonstrated how he hacked Samsung’s Nexus S and Galaxy Nexus handsets and the Nokia N9 using their NFC capabilities.


Miller demonstrating his hack (Image credit: CNET)

How did he do it? He made a special tag that takes over the NFC-controlling application when a device reads it. It sounds like an obvious and terribly simple way to take control of another device, and Miller believes that tags can be further modified to deliver a malicious payload, too.

Miller specifically targeted Android 3.2 Gingerbread, although his attack should also work on Android 4.0 Ice Cream Sandwich and possibly Android 4.1 Jelly Bean. Worse, with Android Beam (a feature of ICS), Miller found that he could gain control of a mobile device’s browser and visit any site he wanted, and also look at files stored locally. The story isn’t any better with the Nokia N9: with NFC enabled, the N9 will accept any connection request, and the user won’t even be notified.

If you’re thinking that it’s still probably difficult for a cybercrook with a poison NFC tag to get close enough to your phone, you’re wrong. A tag could be hidden on a payment terminal, or he could simply walk by you and make sure your pockets are close.

The only bright spot is that in order for Miller’s attack method to work, the receiving phone’s screen must be on and the device must be unlocked. Still, we’re now officially concerned.