Hackers exploit NFC phone payment technology

Discussion in 'iPhone' started by nusynergy, Nov 14, 2014.

  1. nusynergy macrumors regular

    Joined:
    Jul 3, 2008
    Location:
    Kent - UK
    #1
    h**p://www.bbc.co.uk/news/technology-30036137

    Several bugs in Near Field Communication (NFC) payment systems have been found by security experts.

    NFC allows people to pay for goods and services by touching their handset to a payment terminal.

    But the inclusion of the technology on phones has proved useful to hackers seeking a stealthy way to take over a mobile phone.

    In most cases the bugs would give an attacker complete access to a device's data.

    The security experts demonstrated the weaknesses in NFC technology at an event in Tokyo organised by Hewlett Packard. Called Mobile Pwn2Own the competition involves researchers and developers using bugs in an attempt to subvert a series of handsets.

    A prize pool of $425,000 (£271,000) was available to those who managed to get access to a handset's innards via a bug they had found. Entrants would get a slice of that cash by taking less than 30 minutes to carry out a successful attack via a previously unknown vulnerability.

    Eight separate devices, including an Apple iPhone, Blackberry Z30, Amazon Fire phone and Google Nexus 7, were the targets for the security experts.

    On the first day of the two-day competition five teams successfully used the bugs they had found to take over five devices. Three of the successes exploited NFC to give the attackers the ability to extract data at will from the phones. The other two attacks compromised a phone via its on-board web browser.

    UK security expert Adam Laurie, Japan's Team MBSD and South Africa's MWR InfoSecurity were among the prize winners.

    The Apple iPhone 5S, Samsung Galaxy 5, LG Nexus 5 and Amazon Fire Phone were all successfully compromised.

    Details of the vulnerabilities have now been shared with the makers of the handsets so that the bugs can be patched and fixed.
     
  2. Small White Car macrumors G4

    Small White Car

    Joined:
    Aug 29, 2006
    Location:
    Washington DC
    #2
    As with most tech reporting this one raises more questions than it answers.

    The most basic one is "what does it do?" and the best they can say is that it allows access to the phone's "innards." What a wonderfully technical term.

    Do we have any reporting on this event written by someone who actually understands it?

    EDIT: This is better
    http://www.securityweek.com/mobile-pwn2own-2014-iphone-5s-galaxy-s5-nexus-5-fire-phone-hacked

    ...and it actually makes the BBC article look even worse than I had first thought. The iPhone's web browser was compromised but the BBC article makes it sound like its NFC was compromised. That's some sloppy reporting.
     
  3. Coupz macrumors regular

    Joined:
    Dec 24, 2013
  4. mercuryjones macrumors 6502a

    Joined:
    May 31, 2005
    Location:
    College Station, TX
    #4
    Shhhhh....logic isn't welcome here.:cool:
    Seriously, the 5s was probably one of the web browser compromised devices.
     
  5. deeddawg macrumors 604

    Joined:
    Jun 14, 2010
    Location:
    US
    #5
  6. 0000757 macrumors 68040

    Joined:
    Dec 16, 2011
    #6
    http://www.forbes.com/sites/thomasb...nexus-5-samsung-s5-vulnerable-mobile-pwn2own/

    Nice try.

    Also Forbes, it's 5S, not S5.
     
  7. wxman2003 Suspended

    Joined:
    Apr 12, 2011
    #7
    So in reality, this had no effect on mobile payments via NFC, which still remain secure.
     
  8. AdonisSMU macrumors 603

    Joined:
    Oct 23, 2010
    #8
    Ssssh! The BBC is trying to generate clicks.
     
  9. deeddawg macrumors 604

    Joined:
    Jun 14, 2010
    Location:
    US
    #9
    They must be getting jealous of The Guardian... :cool:
     
  10. Delmar macrumors 6502

    Joined:
    May 10, 2012
    Location:
    Texas
    #10
    Same as always :rolleyes:
     
  11. JoeTomasone macrumors 6502a

    Joined:
    Aug 8, 2014
    #11
    On the positive side, the security researcher's purchase of the Fire phone probably doubled its previous sales figures... :D

    This is also a validation of Apple's decision to initially limit access to NFC by other parts of the phone. It's a new attack vector that should only be opened for other use in a manner that doesn't permit unauthorized access. Like TouchID, I expect that permitted use will expand over time.
     
  12. JayLenochiniMac macrumors G5

    Joined:
    Nov 7, 2007
    Location:
    New Sanfrakota
    #12
    How's this possible if the iPhone 5s doesn't have NFC?

    Edit: Nevermind. I just noticed a post above that said it was via Safari, not NFC.

    Pretty pathetic reporting.
     
  13. Cyberguycpt macrumors 6502a

    Cyberguycpt

    Joined:
    Sep 28, 2014
    #13
    This thread needs to be titled "hackers exploit nfc". No where does it say that the phone payment technology was hacked.
     
  14. deeddawg macrumors 604

    Joined:
    Jun 14, 2010
    Location:
    US
    #14
    Hey OP, perhaps you could edit the thread title to correct the misperception it gives?
     

Share This Page