A popular feature that is increasingly added to smartphones is Near Field Communication (NFC), which allows data to be exchanged when compatible devices are placed very close together. Most commonly, this is used for payments via smartphone. Just wave your phone at the store’s NFC reader, and you can pay your bill with the account information you have stored in your phone. Very handy, plus it almost feels like we’re living in the future.
Now, when dealing with financial information, people tend to design their security measures pretty well. (The fact that they can face massive fines for a breach helps push the priority of secure design.) However, there are lots of other nifty things people are figuring out how to do with NFC.
And not all of those things are secured as well as paying for your lunch is.
Android phones with NFC have the Android Beam feature, which facilitates data exchange between two Android phones. The problem is that:
when NFC and Android Beam are enabled—as they are by default—devices will automatically download any file or Web link sent through the service. There’s no way for end users to selectively approve or reject a specific transfer initiated by another handset.
In the demonstrated exploit, Mr. Miller had the victim phone open a specially crafted website that would then utilize a browser exploit to take over the whole phone.
Android Beam only works when the phone’s screen is on and unlocked, so someone couldn’t go around waving their phone by everyone’s pockets and create a botnet on the fly, but this type of hole could still theoretically be abused, especially when combined with social engineering.
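Android Beam pushes are NDEF messages, and a pushed web link travels as an NDEF URI record. The following added example (not code from the original post or from Android) decodes a short NDEF URI record and applies a receive-side policy that prompts the user instead of auto-opening; the sample record bytes and the `beam_policy` rules are constructed for illustration.

```python
# NFC Forum URI record abbreviation codes (first payload byte); common subset.
URI_PREFIXES = {
    0x00: "", 0x01: "http://www.", 0x02: "https://www.",
    0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:",
}

def parse_ndef_uri(record: bytes) -> str:
    """Decode one short-record NDEF URI ('U') record into its full URI string."""
    header = record[0]
    tnf = header & 0x07              # Type Name Format: 0x01 = NFC Forum well-known
    short_record = bool(header & 0x10)  # SR flag: 1-byte payload length
    has_id = bool(header & 0x08)        # IL flag: ID_LENGTH field present
    if tnf != 0x01 or not short_record:
        raise ValueError("expected a short-record, well-known-type NDEF record")
    type_len, payload_len = record[1], record[2]
    pos = 3
    id_len = 0
    if has_id:
        id_len = record[pos]
        pos += 1
    rtype = record[pos:pos + type_len]
    pos += type_len + id_len         # skip TYPE and the optional ID field
    if rtype != b"U":
        raise ValueError("not a URI record")
    payload = record[pos:pos + payload_len]
    if len(payload) != payload_len or not payload:
        raise ValueError("truncated payload")
    code, rest = payload[0], payload[1:]
    if code not in URI_PREFIXES:
        raise ValueError(f"unknown URI prefix code 0x{code:02x}")
    return URI_PREFIXES[code] + rest.decode("utf-8")

def beam_policy(uri: str) -> str:
    """Receive-side policy (constructed): never dispatch a pushed URI silently.
    Web links are shown in full and need an explicit tap; anything that would
    trigger another handler (tel:, mailto:, custom schemes) is dropped."""
    scheme = uri.split(":", 1)[0].lower()
    if scheme in ("http", "https"):
        return "prompt"
    return "block"

# Constructed sample: header 0xD1 (MB|ME|SR, TNF=1), type 'U', code 0x04 = https://
SAMPLE_RECORD = bytes([0xD1, 0x01, 0x0C, 0x55, 0x04]) + b"example.com"

if __name__ == "__main__":
    uri = parse_ndef_uri(SAMPLE_RECORD)
    print(uri, "->", beam_policy(uri))   # https://example.com -> prompt
```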