A skilled hacker has revealed a new technique to hijack a smartphone via a short-range radio technology known as Near Field Communication (NFC).
Charlie Miller, a research consultant at security firm Accuvant, created tools that forced phones to visit websites seeded with attack software, which helped him look at and steal data contained in a handset.
According to the BBC, Miller, who demonstrated the work at the Black Hat hacker conference in Las Vegas, showed how to attack three separate phones: the Samsung Nexus S and the Google Galaxy Nexus, which both run Android, and the Nokia N9, which runs on the MeeGo system. To attack the phones, Miller wrote software to control a reader tag that works in conjunction with NFC, which operates when devices are brought close together or are placed near a reader chip.
He discovered that the default setting in Android Beam forces a handset to visit any weblink or open any file sent to it, and via this route he forced handsets to visit websites that ran code written to exploit known vulnerabilities in Android, the report said.
“The fact that, without you doing anything, all of a sudden your browser is going to my website, is not ideal,” Miller said. He said that for an attack on the Android phones to succeed, they must be running a particular version of the operating system, be unlocked and have their screen active.
Nokia claimed that it was aware of Miller’s research and said it was “actively investigating” his claims of success against its N9 phone.
Google remained unavailable for comment.