Stand Close to Me, & You're pwned!: Owning Smartphones using NFC

Presented at ClubHack 2012 by

NFC, or Near Field Communication, allows cell phones to perform specified actions whenever they detect NFC tags or signals from other NFC-enabled devices. Most recent phones, including the Samsung Galaxy S3, Nokia Lumia 610, BlackBerry Bold, etc., have NFC enabled. NFC even helps enterprise/payment gateways ease users' actions, such as connecting to Wi-Fi, setting a bookmark, making payments, etc. Gone are the days of sending Android malware links through URLs or attachments. In this talk, we will show how an attacker could steal private and sensitive information from one's phone and even perform malicious actions on the user's phone, using NFC as an attack vector. NFC attack vectors come in two forms: active (setting the attacker's phone as a proxy between the victim's smartphone and the payment terminal) and passive (using NFC tags). For our demonstrations, we will create malicious NFC tags which, when detected by any NFC-enabled smartphone, would steal sensitive information from the phone (without the user's knowledge) as well as trick the user into installing malicious applications on his phone. Thereafter, we will also talk about how an attacker could get in close proximity to another NFC-enabled phone, get a remote shell on the victim's phone and compromise the phone's security. We will also discuss how viral an NFC attack could become in the future if proper security measures are not enforced.