Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity, usually no more than a few centimetres. Present and anticipated applications include contactless transactions, data exchange, and simplified setup of more complex communications such as Wi-Fi. Communication is also possible between an NFC device and an unpowered NFC chip, called a "tag".
During his presentation, Mr Miller showed how to attack three separate phones: the Samsung Nexus S, the Google Galaxy Nexus - which both run Android - and the Nokia N9, which runs on the MeeGo system.
To attack the phones Mr Miller wrote software to control a reader tag that works in conjunction with NFC. As its name implies, NFC works when devices are brought close together or are placed near a reader chip.
In one demo Mr Miller piped commands through his custom-built chip that abused a feature of the smartphones known as Android beam. This allows phone owners to send links and information over short distances to other handsets.
To attack the phones Mr Miller wrote software to control a reader tag that works in conjunction with NFC. As its name implies, NFC works when devices are brought close together or are placed near a reader chip.
In one demo Mr Miller piped commands through his custom-built chip that abused a feature of the smartphones known as Android beam. This allows phone owners to send links and information over short distances to other handsets.
He discovered that the default setting in Android Beam forces a handset to visit any weblink or open any file sent to it. Via this route he forced handsets to visit websites that ran code written to exploit known vulnerabilities in Android.
"The fact that, without you doing anything, all of a sudden your browser is going to my website, is not ideal," Mr Miller said.
In one demonstration using this attack Mr Miller was able to view files on a target handset.
"The fact that, without you doing anything, all of a sudden your browser is going to my website, is not ideal," Mr Miller said.
In one demonstration using this attack Mr Miller was able to view files on a target handset.
On the Nokia phone, Mr Miller demonstrated how to abuse NFC and take complete control of a target handset, making it send texts or make calls, via the weaknesses exploited by his customised radio tag.
Mr Miller said that to successfully attack the Android phones they must be running a particular version of the operating system, be unlocked and have their screen active.
Nokia said it was aware of Mr Miller's research and said it was "actively investigating" his claims of success against its N9 phone. It said it was not aware of anyone else abusing loopholes via NFC.
Google has yet to comment on the research.
Mr Miller said that to successfully attack the Android phones they must be running a particular version of the operating system, be unlocked and have their screen active.
Nokia said it was aware of Mr Miller's research and said it was "actively investigating" his claims of success against its N9 phone. It said it was not aware of anyone else abusing loopholes via NFC.
Google has yet to comment on the research.
