Security expert shows that Android and Nokia NFC can be hacked -- under certain conditions
A research consultant has revealed to Ars Technica that he can force NFC-equipped Android and Nokia phones to run malicious code in several ways -- but only with specific devices and constraints. The first violation used the near-field Google Beam function, but only affected certain NFC phones running ICS or Jelly Bean. This could allow an evildoer to send a malicious website to an unsuspecting victim to possibly compromise their data. The next exploit was limited to a Gingerbread-equipped Google Nexus S, since later Android releases patched the bugs necessary for the hack. It allowed a so-called tag to access the NFC functions in the OS, and with a little more legwork could offer up access to more malicious programs. The final invasion was made on the Meego-powered Nokia N9, which the expert controlled by Bluetooth, using NFC -- as long as the dupe overrode the defaults and enabled that function. If so, a hacker could dial out from the phone, send messages or upload and download files, depending on which security settings were enabled. Fortunately, exact hardware and software combinations aside, nefarious types would still have to be within an inch or two of your phone to enable their NFC box of tricks. Take a look at the source for the full interview.