"
"
Whenever a new technology emerges, you can quickly expect one of two things: porn and hackers. Sadly for skin flick lovers it’s the latter that’s making the news with Near Field Communication.
It’s time once again for the Black Hat security conference in Las Vegas and, as usual, Charlie Miller has popped up to show off the latest flaw he’s discovered in popular technology. This time he’s turned his attention to NFC chips, billed as a convenient and secure alternative to Wi-Fi and Bluetooth.
The problem Miller demonstrated wasn’t in the transfer of information between an NFC-enabled phone and another device or tag. Instead it’s that the Android and Nokia handsets he examined were simply too gullible when it came to following orders issued over NFC.
In the demo, Miller showed that simply placing an NFC tag besides a Nexus S could force it to visit a website without the user’s confirmation. Combine that with one of the numerous browser flaws that are constantly being discovered, exploited and then fixed, and you’ve got potential problems.
In practice hackers aren’t likely to bother walking around with an NFC chip in their hands, patting people on the butt in the hope of getting within range of their handsets (and in any case, the connection only works when a phone’s screen is switched on rather than in standby). Instead, Miller argues, attacks are likely to involve replacing legitimate chips or tags with bogus ones: he gives the example of switching a tag on a movie poster that supposedly send the user to the movie’s website.
This isn’t so much a bug as a fundamental design flaw. Miller says the only solution is to redesign NFC features on phones so that they won’t carry out actions such as opening a website without the user’s active confirmation.
Meanwhile Nokia’s MeeGo operating system also came under criticism from Miller. He said that if users have NFC switched on and default settings unchanged, the phone will not only accept any NFC connection request it receives, but can even be forced to make a Bluetooth connection via the NFC chip, thus giving a hacker control over some of the phone’s features.
0 comments:
إرسال تعليق