We all hate to visit websites that are seeded with attack software, but Charlie Miller, a skilled hacker and a research consultant at security firm Accuvant, created tools that forced smart phones to visit such websites on their own. Once Miller had led a smart phone to such a website, the booby-trapped site helped him look at and steal data stored on the victim’s handset.
Miller used short range radio technology, known as ‘Near Field Communication’ (NFC), in order to get his hands on the data stored on his victim’s handset. NFC is becoming more and more common in smart phones these days as the gadgets are transforming into digital wallets and electronic tickets.
Miller demonstrated his work at the Black Hat Conference in Las Vegas, and during his presentation he showed how to attack three separate phones. The Google Galaxy Nexus and the Samsung Nexus S were both Android phones; the third smart phone used for this demonstration, the Nokia N9, runs on the MeeGo system.
Miller wrote software to control a reader tag that works in conjunction with NFC, which enabled him to attack the phones. As the name suggests, NFC only works when both devices are brought close to each other or are placed near a reader chip.
On Android phones, the process works by exploiting a feature known as Android Beam. In the demo, Miller piped commands via his custom-built chip and sent them over to Android Beam. This allowed him to send information and links to other handsets over short distances. Miller discovered during his research that Android Beam’s default setting forces handsets to open any files and visit any web links sent to them. So, by sending them links to websites that ran code written just to exploit known vulnerabilities in Android, he was able to control what was on those handsets.
Miller told Ars Technica, a tech news website, “The fact that, without you doing anything, all of a sudden your browser is going to my website, is not ideal.”
During one of his demos, he used this attack method to view files on the target handset.
As for the Nokia N9 phone, Miller demonstrated how NFC could be abused in order to take control of the targeted handset. On the MeeGo system, he was able to send texts or make calls via the weaknesses exploited by his customized radio tag.
For the process to succeed on an Android smart phone, the phone must be unlocked, have its screen active, and be running a particular version of the Android OS.
Nokia officials said that they were aware of Miller’s research and that the company is actively investigating his claims of success against Nokia’s N9 smart phone. Furthermore, Nokia officials added that they are not aware of anyone else who is or might be abusing the loopholes of its smart phones via NFC.
As for Google, it has yet to comment on this research and its claimed success against its smart phones.