Feeds

Single NFC bonk subjugated Samsung Galaxy SIII and slurped it out

Attackers groped about until they had total dominance

Top three mobile application threats

A Galaxy SIII running Android 4.0.4 was infected with malware over an NFC connection at a hacking contest in Amsterdam using nothing more than a bump in the dark.

Full details of the vulnerabilities exploited haven't been revealed by the team, who came from MWR InfoSecurity and were showing off at Mobile Pwn2Own this week, as they are giving Samsung and Google time to issue a patch. An iPhone 4S was also compromised via a WebKit bug during the competition between security bods.

The Galaxy SIII infection was accomplished using Android's Beam application to send a file, which is executed thanks to a buffer overflow attack, allowing the hackers to escalate privileges to superuser level and establish a network connection to a remote server. The assault hands over complete control of the device and allows the data within to be siphoned off.

Android devices with NFC use Beam as a simple file exchange mechanism, but they're not supposed to execute received files. The vulnerability probably extends to any other Android device running Ice Cream Sandwich with NFC enabled, and might well extend to Jelly Bean as well although the team admits that might be harder.

The attack is a two-stage process: one vulnerability is used to get the received file to execute, and a second tool is then used to escalate privileges and gain access to private data. The randomised positioning of critical software components in memory - a security technique employed by Android and many other operating systems - makes that escalation challenging; over a hundred attempts were required during the demonstration, but those attempts can be made after the infection and took less than a minute anyway.

Jelly Bean apparently has more memory locations at which components are stored, decreasing the chance of finding the exact data or instruction address needed to further an exploit, but the team doesn't know how much that helps, or isn't saying.

The details are promised later, once the vendors involved have had a chance to fix it. The NFC execution should be an easy fix, one would hope, but the other part of the attack may prove harder to mitigate against. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.