Friday, July 27, 2012
NFC hackers to steal user information in the phone
From its inception until now, the advantages of easy connection of NFC has raised a concern about security when devices can be easily connected together through the steps without any confirmation. Yesterday, a consultant named Charlie Miller was shown a video at the Black Hat security conference in Las Vegas, demonstrating the ability to steal your information just by standing close to someone. In the video, Mr. Miller is following behind his friend, then he put his hand near the back pockets of people that (are to NFC mobile phones) means the connection was successful. From there Miller can eavesdrop the entire conversation and even steal information inside the phone. The process connection is made through NFC cards which have a thickness very small and difficult to detect. The connection is basically very easy to implement, such as the Nokia N9, just touch up your speakers or headphones sound NFC, the transmission will take place immediately, without going through the steps confirmation. Somehow, Miller was able to exploit a bug in the N9 allows him to exploit NFC is more. In this case, Miller not only can hear the music playing in the machine but also have access to all the other data through Bluetooth connectivity, including photographs and contacts. Even using the hacked phone to call and send messages to other phones. Fortunately, the N9 as well as machines running Nokia Belle functions are available ask for confirmation before connecting via NFC. If you're concerned that one fine day you will be hacked in the way mentioned above, you should confirm this turn up before too late. Also N9 running MeeGo out, Miller was trying to attack another machine running on the Android operating system. However, attacking Android is somewhat more complicated because when the machine is placed in sleep mode (off screen), the NFC chip is always off. Want to attack this machine must be turned on before the NFC, NFC running, that'd need to unlock your phone. So Miller has sent a message to the machine together with the Passcode to unlock, this wave NFC will automatically be turned on. Scary Android on machines, especially as it supports Android 4.0 Beam function, that send many types of data from another machine through through NFC without confirmation, especially post page web, it will automatically recognize and open up the site without asking prior consent of the user. Taking advantage of this gap, Mr. Miller sent a web page containing malicious code to attack the machine Android Webkit, which is the engine of Google Chrome web browsers have built-in web browser and many others. It will then ask the browser to download a different code and conduct a real attack. According to VentureBeat, InformationWeek ...
No comments:
Post a Comment