Hackers exploit NFC phone payment technology

Discussion in 'iPhone' started by nusynergy, Nov 14, 2014.

  1. nusynergy macrumors regular

    Jul 3, 2008
    Kent - UK

    Several bugs in Near Field Communication (NFC) payment systems have been found by security experts.

    NFC allows people to pay for goods and services by touching their handset to a payment terminal.

    But the inclusion of the technology on phones has proved useful to hackers seeking a stealthy way to take over a mobile phone.

    In most cases the bugs would give an attacker complete access to a device's data.

    The security experts demonstrated the weaknesses in NFC technology at an event in Tokyo organised by Hewlett Packard. Called Mobile Pwn2Own the competition involves researchers and developers using bugs in an attempt to subvert a series of handsets.

    A prize pool of $425,000 (£271,000) was available to those who managed to get access to a handset's innards via a bug they had found. Entrants would get a slice of that cash by taking less than 30 minutes to carry out a successful attack via a previously unknown vulnerability.

    Eight separate devices, including an Apple iPhone, Blackberry Z30, Amazon Fire phone and Google Nexus 7, were the targets for the security experts.

    On the first day of the two-day competition five teams successfully used the bugs they had found to take over five devices. Three of the successes exploited NFC to give the attackers the ability to extract data at will from the phones. The other two attacks compromised a phone via its on-board web browser.

    UK security expert Adam Laurie, Japan's Team MBSD and South Africa's MWR InfoSecurity were among the prize winners.

    The Apple iPhone 5S, Samsung Galaxy 5, LG Nexus 5 and Amazon Fire Phone were all successfully compromised.

    Details of the vulnerabilities have now been shared with the makers of the handsets so that the bugs can be patched and fixed.
  2. Small White Car macrumors G4

    Small White Car

    Aug 29, 2006
    Washington DC
    As with most tech reporting this one raises more questions than it answers.

    The most basic one is "what does it do?" and the best they can say is that it allows access to the phone's "innards." What a wonderfully technical term.

    Do we have any reporting on this event written by someone who actually understands it?

    EDIT: This is better

    ...and it actually makes the BBC article look even worse than I had first thought. The iPhone's web browser was compromised but the BBC article makes it sound like its NFC was compromised. That's some sloppy reporting.
  3. Coupz macrumors regular

    Dec 24, 2013
  4. mercuryjones macrumors 6502a

    May 31, 2005
    College Station, TX
    Shhhhh....logic isn't welcome here.:cool:
    Seriously, the 5s was probably one of the web browser compromised devices.
  5. deeddawg macrumors 604

    Jun 14, 2010
  6. 0000757 macrumors 68040

    Dec 16, 2011

    Nice try.

    Also Forbes, it's 5S, not S5.
  7. wxman2003 Suspended

    Apr 12, 2011
    So in reality, this had no effect on mobile payments via NFC, which still remain secure.
  8. AdonisSMU macrumors 603

    Oct 23, 2010
    Ssssh! The BBC is trying to generate clicks.
  9. deeddawg macrumors 604

    Jun 14, 2010
    They must be getting jealous of The Guardian... :cool:
  10. Delmar macrumors 6502

    May 10, 2012
    Same as always :rolleyes:
  11. JoeTomasone macrumors 6502a

    Aug 8, 2014
    On the positive side, the security researcher's purchase of the Fire phone probably doubled its previous sales figures... :D

    This is also a validation of Apple's decision to initially limit access to NFC by other parts of the phone. It's a new attack vector that should only be opened for other use in a manner that doesn't permit unauthorized access. Like TouchID, I expect that permitted use will expand over time.
  12. JayLenochiniMac macrumors G5

    Nov 7, 2007
    New Sanfrakota
    How's this possible if the iPhone 5s doesn't have NFC?

    Edit: Nevermind. I just noticed a post above that said it was via Safari, not NFC.

    Pretty pathetic reporting.
  13. Cyberguycpt macrumors 6502a


    Sep 28, 2014
    This thread needs to be titled "hackers exploit nfc". No where does it say that the phone payment technology was hacked.
  14. deeddawg macrumors 604

    Jun 14, 2010
    Hey OP, perhaps you could edit the thread title to correct the misperception it gives?

Share This Page