Samsung Galaxy S3 (et al) hacked via NFC at PWN2OWN

Discussion in 'Alternatives to iOS and iOS Devices' started by Porshuh944turbo, Sep 19, 2012.

  1. Porshuh944turbo, Sep 19, 2012
    Last edited: Sep 19, 2012

    macrumors 6502

    Joined:
    Jun 4, 2003
    #1
    Uh oh.....

    Still want NFC? :eek:

    http://www.networkworld.com/news/2012/091912-galaxy-s3-hacked-via-nfc-262590.html?hpg1=bn

    EDIT:
    To please some of you accusing me of not being fair -- yes, the iPhone 4S was hacked via a similar exploit, but obviously not via NFC, which I believe is the news here. The iPhone exploit was made possible through a website. The iPhone 5 is believed to be vulnerable, though this is unconfirmed. The exploit was used on iOS 5.1.1 and a developer version of iOS 6 on an iPhone 4S handset.

     
  2. macrumors 6502

    Joined:
    Sep 16, 2009
    #2
    If you're going to troll, be fair about it - sheesh;

    Oh no, let's remove email from the iPhone...
     
  3. macrumors regular

    Joined:
    Oct 2, 2007
    #3
    NFC's range is something like touching to 4 inches. At that distance you could just steal the phone.
     
  4. thread starter macrumors 6502

    Joined:
    Jun 4, 2003
    #4
    Most people can spot a phishing email a mile away (if it even makes it through your mail server's spam filter). Walk around a shopping mall and see how many people get close enough to your phone that is in your pocket. It takes very little time to establish an NFC connection. Once the payload is uploaded, according to the article, a hacker could connect via WiFi to your phone and access anything and everything.

    I can think of numerous places a hacker could exploit this with ease:

    a crowded bar
    a concert
    checkout line at the grocery store
    checkout line just about anywhere
    at the workplace where people often leave their phone on their desk

    it's not about stealing a phone.. the NFC hack works without the owner's knowledge.




    troll? lol.. been here since 2003, bud
     
  5. macrumors 603

    Interstella5555

    Joined:
    Jun 30, 2008
    #5
    If you were really being fair you would mention the 5 has also been hacked instead of just saying "et al". I agree though, NFC is a terrible idea.
     
  6. thread starter macrumors 6502

    Joined:
    Jun 4, 2003
    #6
    the 5 wasn't hacked.. a 4S was and the team responsible believes the 5 is also vulnerable (unconfirmed). However, I think the news here is that NFC was used. Email and website hacks have been around for a while now (and are indeed a threat that should be patched).

    If you can show me an iPhone 5 hacked via NFC, then you got me.
     
  7. macrumors regular

    Joined:
    Jun 25, 2007
    Location:
    California
  8. macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #8
    It should also be noted that the Android exploit included privilege escalation.

    This allowed the installation of an app, which could have been malware, and the compromise of protected data, such as SMS and emails.

    Privilege escalation was not achieved in iOS. So, malicious apps couldn't be installed and protected data was not compromised.

    Mobile pwn2own 2012 details:

    http://dvlabs.tippingpoint.com/blog/2012/07/20/mobile-pwn2own-2012

    Android exploited including privilege escalation via NFC

    http://labs.mwrinfosecurity.com/blog/2012/09/19/mobile-pwn2own-at-eusecwest-2012/

    Android hack details:

    iPhone browser exploited but privilege escalation not achieved

    http://www.zdnet.com/mobile-pwn2own-iphone-4s-hacked-by-dutch-team-7000004498/

    iPhone hack details:

     
  9. macrumors 6502

    Joined:
    Sep 16, 2009
    #9
    Most tech-savvy people can spot a phishing email a mile away, yet millions of people still fall victim to phishing scam/emails a year - go figure.

    You're absolutely right in terms of the many opportunities someone has to become close enough to "exploit" this hack, yet you forget the attacker would still need to know the person's phone location to get within "4 inches" of it... I can only see this as being valid if the person has their phone swinging from their hands as they take strides...

    In regards to my troll comment, I was referring to you bashing "Samsung" for including a technology that Nokia, Philips, and Sony developed, YET the article clearly states ANYONE is vulnerable.

    You also fail to realize the team purposely used NFC for "showmanship", again failing to note this could probably be done using WiFi or Bluetooth. Also note, the GSIII, Galaxy Nexus, and HTC One X all have the capability of turning NFC on/off.

    Good article nonetheless, but to say "Still want NFC" as if it's the future doomsday technology is unfair and biased - hence my troll comment.
     
  10. macrumors regular

    Joined:
    Jun 25, 2007
    Location:
    California
    #10
    NFC shouldn't make or break a phone. It's a stupid feature that can be easily reproduced in many different, more secure ways.
     
  11. macrumors 604

    lordofthereef

    Joined:
    Nov 29, 2011
    Location:
    Boston, MA
    #11
    While I agree that this is a concern, it is being overblown here by the OP. Someone walking by you at the mall? NFC on the phone isn't an always on type of thing. You don't just brush up against a person and steal their information. NFC actually has to be activated. The risk of something getting stolen would be similar to the risk of your card info being stolen by means of a skimmer (look it up for those who don't know what that is). Granted, getting the entire contents of your phone stolen is a bigger deal than a single credit card's info, which is why I am not dismissing this as nothing, but it certainly is getting way more heat than it deserves.
     
  12. macrumors 65816

    chakraj

    Joined:
    Feb 6, 2008
    Location:
    So Cal
    #12
    Hackers show the world how to steal an iPhone’s pictures, address book and browser history

    TechWorld reports that the hackers created a Webkit browser exploit that circumvents Safari’s security protocols if a user happens to be on a page where the malicious code is running.

    The hackers told TechWorld that the browser exploit “works on iOS 5.1.1 and the developer release of iOS 6, and probably also works on the iPhone 5,” so it’s not as though upgrading to the new iPhone will deliver instant protection.

    http://www.bgr.com/2012/09/19/iphone-browser-hack-pictures-address-book-browser-history-targeted/

     
  13. macrumors 68000

    JetBlack7

    Joined:
    May 14, 2011
    Location:
    Portugal
    #13
    The next big thing is here...along with the possibility to be hacked.
     
  14. macrumors 6502

    shawnwich

    Joined:
    Oct 4, 2007
    Location:
    Houston, TX
    #14
    Yes, yes I still want NFC.

    Anything can be hacked.
     
  15. macrumors 6502a

    Joined:
    Aug 31, 2011
    Location:
    Miami, FL
    #15
    Anything except Blackberries. Did you know the President has a Blackberry? It's nearly impossible to hack into those phones. That's still one of the reasons why the Blackberry still exists today.
     
  16. macrumors 65816

    Oppressed

    Joined:
    Aug 15, 2010
    #16
    Hard to promote something like this for public use if the public has to be afraid if they are going to be hacked.

    "Even the BlackBerry doesn't have all the security features that the iPhone has. For example, BlackBerry also uses WebKit but they use an ancient version. With code signing, the sandbox, ASLR and DEP, the iPhone is much, much harder to exploit," Pol said matter-of-factly.
     
  17. macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #17
    See my post above. The Android exploit was worse because it included privilege escalation which allows the installation of malicious apps and the compromise of SMS and emails.

    The iPhone exploit didn't allow app install and protected data wasn't compromised. The data accessed with the iPhone exploit is only data available via legitimate APIs. Despite the exploit working in iOS 6, I suspect that even this limited data access may be mitigated by the new security and privacy features of iOS 6.

    In terms of security, the android exploit is much more severe.
     
  18. macrumors regular

    Joined:
    Feb 24, 2011
    #18
    The problem is how NFC is implemented right now and how it automatically opens something it's sent. That will be rectified I am sure.

    It's not a reason to be for or against NFC. If you think like that you'd be mistaking a bad design decision for a useful technology. The vast majority of us have NFC in our lives already, be it the PayPass in your credit card or the badge you open doors with at your office.
     
  19. macrumors 68030

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #19
    NFC is retarded.


    They're making all the same mistakes the desktop world went through in the late 90s.

    Unauthenticated, unencrypted traffic, sent to my device?

    Sure, come right in, I'll process that!


    Fact: programmers can't write secure code (we've had 50 years to get it right, and people still can't)
    Fact: it will be exploited
     
  20. macrumors 65816

    Joined:
    Jul 23, 2012
    #20
    actually the NFC range is 4cm.

    ----------

    the information sent via NFC is encrypted and sent over a secured channel.
     
  21. macrumors regular

    Joined:
    Feb 24, 2011
    #21
    You realize that SMS is also unauthenticated, unencrypted traffic sent to anyone's phone, and any phone just processes it? Should we all abandon SMS?

    For that matter, how is any instant messaging app any better? Or email? Might as well just put on the tin foil hat at this point.

    It's not that programmers cannot write secure code. It's that there's not enough pressure for that to be the prime objective.
     
  22. macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Device engineer 30+ yrs, touchscreens 24+.
    #22
    Reading the article, it's not really about NFC, since that's just one possible delivery vector.

    It's more about a security hole in a popular document reader app that allows a downloaded page to install code.
     
  23. macrumors 68030

    blackhand1001

    Joined:
    Jan 6, 2009
    #23
    The issue is only related to the s3. The galaxy nexus only enables NFC polling once the device is unlocked. Samsung can easily change the s3 to work this way as well.
     
  24. macrumors 68000

    Mac.World

    Joined:
    Jan 9, 2011
    Location:
    In front of uranus
    #24
    Really? Must be why credit card companies and government agencies use the tech. :rolleyes:

    To hack NFC, you must be literally within an inch of the phone's chip. Not the phone, the chip. And if you believe someone is trying to do this thing to you, knows exactly where you keep your phone, etc... there is an easy way to stop them. Put your phone in your pocket with the screen facing outward. Done. Or stick a metal cover over the back. Or real carbon fiber.

    This is such a non issue.
     
  25. macrumors 6502a

    flameproof

    Joined:
    Jan 14, 2011
    #25
    ...and they are very unlikely to get stolen too.
     
