Old Sep 19, 2012, 03:34 PM   #1
Porshuh944turbo
macrumors 6502
 
Join Date: Jun 2003
Samsung Galaxy S3 (et al) hacked via NFC at PWN2OWN

Uh oh.....

Quote:
The Samsung Galaxy S3 can be hacked via NFC, allowing attackers to download all data from the Android smartphone, security researchers demonstrated during the Mobile Pwn2Own contest in Amsterdam on Wednesday.
Still want NFC?

Quote:
Using this technique, a file is loaded on the targeted S3. The file is then automatically opened and gets full permissions, meaning that the attacker has full control over the phone, explained Tyrone Erasmus, security researcher at MWR. The app runs in the background so the victim is unaware of the attack, he added.

The attacker, for instance, gets access to all SMS messages, pictures, emails, contact information and much more. The payload is very advanced, so attackers can "basically do anything on that phone," the researchers said.
http://www.networkworld.com/news/201...0.html?hpg1=bn

EDIT:
To please some of you accusing me of not being fair -- yes, the iPhone 4S was hacked via a similar exploit, but obviously not via NFC, which I believe is the news here. The iPhone exploit was made possible through a website. The iPhone 5 is believed to be vulnerable, though this is unconfirmed. The exploit was used on iOS 5.1.1 and a developer version of iOS 6 on an iPhone 4S handset.

Quote:
When a user visits a website where the code is running; the security mechanisms in Safari are circumvented

Last edited by Porshuh944turbo; Sep 19, 2012 at 04:10 PM.
Old Sep 19, 2012, 03:38 PM   #2
jaysen
macrumors 6502
 
Join Date: Sep 2009
Quote:
Originally Posted by Porshuh944turbo View Post
If you're going to troll, be fair about it - sheesh;

Quote:
It should be noted though, that the vulnerability can also be exploited in other ways, the researchers said. The payload data can for instance be attached to an email message and have the same effect when downloaded, they said.

"We used the NFC method for showmanship,"
Oh no, let's remove email from the iPhone...
Old Sep 19, 2012, 03:42 PM   #3
Cozmo85
macrumors regular
 
Join Date: Oct 2007
NFC's range is something like touching to 4 inches. At that distance you could just steal the phone.
Old Sep 19, 2012, 04:03 PM   #4
Porshuh944turbo
Thread Starter
macrumors 6502
 
Join Date: Jun 2003
Most people can spot a phishing email a mile away (if it even makes it through your mail server's spam filter). Walk around a shopping mall and see how many people get close enough to your phone that is in your pocket. It takes very little time to establish an NFC connection. Once the payload is uploaded, according to the article, a hacker could connect via WiFi to your phone and access anything and everything.

I can think of numerous places a hacker could exploit this with ease:

a crowded bar
a concert
checkout line at the grocery store
checkout line just about anywhere
at the workplace where people often leave their phone on their desk

it's not about stealing a phone.. the NFC hack works without the owner's knowledge.




troll? lol.. been here since 2003, bud
Old Sep 19, 2012, 04:05 PM   #5
Interstella5555
macrumors 603
 
Join Date: Jun 2008
Quote:
Originally Posted by Porshuh944turbo View Post
Most people can spot a phishing email a mile away (if it even makes it through your mail server's spam filter). Walk around a shopping mall and see how many people get close enough to your phone that is in your pocket. It takes very little time to establish an NFC connection. Once the payload is uploaded, according to the article, a hacker could connect via WiFi to your phone and access anything and everything.

I can think of numerous places a hacker could exploit this with ease:

a crowded bar
a concert
checkout line at the grocery store
checkout line just about anywhere
at the workplace where people often leave their phone on their desk

it's not about stealing a phone.. the NFC hack works without the owner's knowledge.




troll? lol.. been here since 2003, bud
If you were really being fair you would mention the 5 has also been hacked instead of just saying "et al". I agree though, NFC is a terrible idea.
Old Sep 19, 2012, 04:06 PM   #6
Porshuh944turbo
Thread Starter
macrumors 6502
 
Join Date: Jun 2003
the 5 wasn't hacked.. a 4S was and the team responsible believes the 5 is also vulnerable (unconfirmed). However, I think the news here is that NFC was used. Email and website hacks have been around for a while now (and are indeed a threat that should be patched).

If you can show me an iPhone 5 hacked via NFC, then you got me.
Old Sep 19, 2012, 04:08 PM   #7
JohnnyAndre
macrumors regular
 
Join Date: Jun 2007
Location: California
 
You lose again, Samsung. Give up.
Old Sep 19, 2012, 04:32 PM   #8
munkery
macrumors 68020
 
Join Date: Dec 2006
It should also be noted that the Android exploit included privilege escalation.

This allowed the installation of an app, which could have been malware, and the compromise of protected data, such as SMS and emails.

Privilege escalation was not achieved in iOS. So, malicious apps couldn't be installed and protected data was not compromised.

Mobile pwn2own 2012 details:

http://dvlabs.tippingpoint.com/blog/...e-pwn2own-2012

Android exploited including privilege escalation via NFC

http://labs.mwrinfosecurity.com/blog...usecwest-2012/

Android hack details:

Quote:
The first vulnerability was a memory corruption that allowed us to gain limited control over the phone. We triggered this vulnerability 185 times in our exploit code in order to overcome some of the limitations placed on us by the vulnerability.

We used the second vulnerability to escalate our privileges on the device and undermine the application sandbox model. We used this to install a customised version of Mercury, our Android assessment framework. We could then use Mercury’s capabilities to exfiltrate user data from the device to a remote listener, including dumping SMS and contact databases, or initiating a call to a premium rate number.
iPhone browser exploited but privilege escalation not achieved

http://www.zdnet.com/mobile-pwn2own-...am-7000004498/

iPhone hack details:

Quote:
Although the successful attack exposed the entire address book, photo/video database and browsing history, Pol and Keuper said they did not have access to the SMS or e-mail database. "Those are not accessible and they're also encrypted," Keuper explained.
Quote:
Despite obliterating the security in Apple's most prized product, Pol and Keuper insist that the iPhone is the most secure mobile device available on the market. "It just shows how much you should trust valuable data on a mobile device. It took us three weeks, working from scratch, and the iPhone is the most advanced device in terms of security."

"Even the BlackBerry doesn't have all the security features that the iPhone has. For example, BlackBerry also uses WebKit but they use an ancient version. With code signing, the sandbox, ASLR and DEP, the iPhone is much, much harder to exploit," Pol said matter-of-factly.

He reckons that the Android platform is also "much better" than BlackBerry and said the decision to go after iPhone 4S at Pwn2Own was simply aimed at going after the harder target.
Old Sep 19, 2012, 04:35 PM   #9
jaysen
macrumors 6502
 
Join Date: Sep 2009
Quote:
Originally Posted by Porshuh944turbo View Post
Most people can spot a phishing email a mile away (if it even makes it through your mail server's spam filter). Walk around a shopping mall and see how many people get close enough to your phone that is in your pocket. It takes very little time to establish an NFC connection. Once the payload is uploaded, according to the article, a hacker could connect via WiFi to your phone and access anything and everything.

I can think of numerous places a hacker could exploit this with ease:

a crowded bar
a concert
checkout line at the grocery store
checkout line just about anywhere
at the workplace where people often leave their phone on their desk

it's not about stealing a phone.. the NFC hack works without the owner's knowledge.




troll? lol.. been here since 2003, bud
Most tech-savvy people can spot a phishing email a mile away, yet millions of people still fall victim to phishing scam/emails a year - go figure.

You're absolutely right in terms of the many opportunities someone can become close enough to "exploit" this hack, yet you forget the attacker would still need to know the person's phone location to get within "4 inches" of it... I can only see this as being valid if the person has their phone swinging from their hands as they take strides...

In regards to my troll comment, I was referring to you bashing "Samsung" for including a technology that Nokia, Philips, and Sony developed YET, the article clearly states ANYONE is vulnerable.

You also fail to realize, the team purposely used NFC for "showmanship" again failing to note this could probably be done using WiFi or Bluetooth. Also note, in the GSIII, Galaxy Nexus, HTC One X, all have the capability of turning NFC on/off.

Good article nonetheless, but to say "Still want NFC" as if it's the future doomsday technology, is unfair and biased - hence my troll comment.
Old Sep 19, 2012, 04:45 PM   #10
JohnnyAndre
macrumors regular
 
Join Date: Jun 2007
Location: California
 
NFC shouldn't make or break a phone. It's a stupid feature that can be easily reproduced in many different, more secure ways.
__________________
Twitter: JohnnyAndre
MacBook Pro with Retina Display
iPad mini Black Verizon 32 - Nokia Lumia 920 - iPod touch [PRODUCT RED] 32
Wii U Deluxe - 3DSXL Red - PC - 360 - PS2 - Dreamcast
Old Sep 19, 2012, 04:51 PM   #11
lordofthereef
macrumors 603
 
Join Date: Nov 2011
Location: Boston, MA
While I agree that this is a concern, it is being overblown here by the OP. Someone walking by you at the mall? NFC on the phone isn't an always on type of thing. You don't just brush up against a person and steal their information. NFC actually has to be activated. The risk of something getting stolen would be similar to the risk of your card info being stolen by means of a skimmer (look it up for those who don't know what that is). Granted, getting the entire contents of your phone stolen is a bigger deal than a single credit card's info, which is why I am not dismissing this as nothing, but it certainly is getting way more heat than it deserves.
__________________
I use iOS and Android daily and, more recently, Windows Phone 8. If what I say upsets you, it's probably because of your brand loyalty.
Old Sep 19, 2012, 04:55 PM   #12
chakraj
macrumors 65816
 
Join Date: Feb 2008
Location: So Cal
Hackers show the world how to steal an iPhone’s pictures, address book and browser history

TechWorld reports that the hackers created a Webkit browser exploit that circumvents Safari’s security protocols if a user happens to be on a page where the malicious code is running.

The hackers told TechWorld that the browser exploit “works on iOS 5.1.1 and the developer release of iOS 6, and probably also works on the iPhone 5,” so it’s not as though upgrading to the new iPhone will deliver instant protection.

http://www.bgr.com/2012/09/19/iphone...tory-targeted/

__________________
Why am I here? “On action alone be thy interest,
Never on its fruits. Let not the fruits of action be thy motive, Nor be thy attachment to inaction.”
Old Sep 19, 2012, 04:56 PM   #13
JetBlack7
macrumors 68000
 
Join Date: May 2011
Location: Portugal
The next big thing is here...along with the possibility to be hacked.
__________________
iPhone 5S Space Gray 32GB Game Center ID: JetBlack7
Old Sep 19, 2012, 05:00 PM   #14
shawnwich
macrumors regular
 
Join Date: Oct 2007
Location: Houston, TX
Yes, yes I still want NFC.

Anything can be hacked.
Old Sep 19, 2012, 05:04 PM   #15
RotaryP7
macrumors 6502a
 
Join Date: Aug 2011
Location: Miami, FL
Anything except Blackberries. Did you know the President has a Blackberry? It's nearly impossible to hack into those phones. That's still one of the reasons why the Blackberry still exists today.
__________________
MacBook Pro, 2.4 GHz, 4 GB RAM, 250 GB HD ; iPhone 5 16 GB ; iPad Mini 16 GB
Old Sep 19, 2012, 05:04 PM   #16
Oppressed
macrumors 65816
 
Join Date: Aug 2010
Hard to promote something like this for public use if the public has to be afraid if they are going to be hacked.

Quote:
Originally Posted by RotaryP7 View Post
Anything except Blackberries. Did you know the President has a Blackberry? It's nearly impossible to hack into those phones. That's still one of the reasons why the Blackberry still exists today.
"Even the BlackBerry doesn't have all the security features that the iPhone has. For example, BlackBerry also uses WebKit but they use an ancient version. With code signing, the sandbox, ASLR and DEP, the iPhone is much, much harder to exploit," Pol said matter-of-factly.
Old Sep 19, 2012, 05:08 PM   #17
munkery
macrumors 68020
 
Join Date: Dec 2006
Quote:
Originally Posted by chakraj View Post
Hackers show the world how to steal an iPhone’s pictures, address book and browser history

...
See my post above. The Android exploit was worse because it included privilege escalation which allows the installation of malicious apps and the compromise of SMS and emails.

The iPhone exploit didn't allow app install and protected data wasn't compromised. The data accessed with the iPhone exploit is only data available via legitimate APIs. Despite the exploit working in iOS 6, I suspect that even this limited data access may be mitigated by the new security and privacy features of iOS 6.

In terms of security, the android exploit is much more severe.
Old Sep 19, 2012, 09:40 PM   #18
cotak
macrumors regular
 
Join Date: Feb 2011
The problem is how NFC is implemented right now and how it automatically opens something it's sent. That will be rectified I am sure.

It's not a reason to be for or against NFC. If you think like that you'd be mistaking a bad design decision with a useful technology. Vast majority of us have NFC in our lives already be it the paypass in your credit card or the badge you open doors with at your office.
Old Sep 19, 2012, 09:56 PM   #19
throAU
macrumors 68030
 
Join Date: Feb 2012
Location: Perth, Western Australia
NFC is retarded.


They're making all the same mistakes the desktop world went through in the late 90s.

Unauthenticated, unencrypted traffic, sent to my device?

Sure, come right in, I'll process that!


Fact: programmers can't write secure code (we've had 50 years to get it right, and people still can't)
Fact: it will be exploited
__________________
MBP (early 2011) - Core i7 2720 2.2ghz, Hires Glossy, 16GB, Seagate Momentus XT 750GB
Mac Mini (mid 2007) - Core2 Duo 1.8, 2gb, 320gb 7200 rpm
iPhone 4S, iPad 4, iPad Mini, HTC One (eval)
Old Sep 19, 2012, 10:01 PM   #20
lazard
macrumors 6502a
 
Join Date: Jul 2012
Quote:
Originally Posted by Cozmo85 View Post
NFC's range is something like touching to 4 inches. At that distance you could just steal the phone.
actually the NFC range is 4cm.

----------

Quote:
Originally Posted by throAU View Post
NFC is retarded.


They're making all the same mistakes the desktop world went through in the late 90s.

Unauthenticated, unencrypted traffic, sent to my device?

Sure, come right in, I'll process that!


Fact: programmers can't write secure code (we've had 50 years to get it right, and people still can't)
Fact: it will be exploited
the information sent via NFC is encrypted and sent over a secured channel.
Old Sep 19, 2012, 10:07 PM   #21
cotak
macrumors regular
 
Join Date: Feb 2011
Quote:
Originally Posted by throAU View Post
NFC is retarded.


They're making all the same mistakes the desktop world went through in the late 90s.

Unauthenticated, unencrypted traffic, sent to my device?

Sure, come right in, I'll process that!


Fact: programmers can't write secure code (we've had 50 years to get it right, and people still can't)
Fact: it will be exploited
You realize that SMS is also unauthenticated, unencrypted traffic sent to anyone's phone and any phone just processes it? Should we all abandon SMS?

For that matter how is any instant messaging app any better? Or email? Might as well just put on the tin foil hat at this point.

It's not that programmers cannot write secure code. It's that there's not enough pressure for that to be the prime objective.
Old Sep 19, 2012, 10:53 PM   #22
kdarling
macrumors Demi-God
 
Join Date: Jun 2007
Location: Device engineer 30+ yrs, touchscreens 23+.
Reading the article, it's not really about NFC, since that's just one possible delivery vector.

It's more about a security hole in a popular document reader app that allows a downloaded page to install code.
Old Sep 20, 2012, 09:06 AM   #23
blackhand1001
macrumors 68030
 
blackhand1001's Avatar
 
Join Date: Jan 2009
Quote:
Originally Posted by cotak View Post
The problem is how NFC is implemented right now and how it automatically opens something it's sent. That will be rectified I am sure.

It's not a reason to be for or against NFC. If you think like that you'd be mistaking a bad design decision with a useful technology. Vast majority of us have NFC in our lives already be it the paypass in your credit card or the badge you open doors with at your office.
The issue is only related to the s3. The galaxy nexus only enables NFC polling once the device is unlocked. Samsung can easily change the s3 to work this way as well.
__________________
Macbook 2008
HP Dv7t - 2.53 ghz, 9600m GT, WSXGA+, 120gb ssd, 250 gb 7200rpm
Core i7 3770k, 8gb ram, 2x 120gb sdd raid0, 500gb hdd, GTX 460
Moto X Dev Edition (VZW) Nexus 7
Old Sep 20, 2012, 09:26 AM   #24
Mac.World
Banned
 
Join Date: Jan 2011
Location: In front of uranus
Quote:
Originally Posted by JohnnyAndre View Post
NFC shouldn't make or break a phone. It's a stupid feature that can be easily reproduced in many different, more secure ways.
Really? Must be why credit card companies and government agencies use the tech.

To hack NFC, you must be literally within an inch of the phone's chip. Not the phone, the chip. And if you believe someone is trying to do this thing to you, knows exactly where you keep your phone, etc... there is an easy way to stop them. Put your phone in your pocket with the screen facing outward. Done. Or stick a metal cover over the back. Or real carbon fiber.

This is such a non issue.
Old Sep 20, 2012, 09:44 AM   #25
flameproof
macrumors 6502
 
Join Date: Jan 2011
Quote:
Originally Posted by RotaryP7 View Post
Anything except Blackberries. Did you know the President has a Blackberry? It's nearly impossible to hack into those phones. That's still one of the reasons why the Blackberry still exists today.
...and they are very unlikely to get stolen too.

All times are GMT -5.