Don't stand so close to me: an analysis of the NFC attack surface
Near Field Communication (NFC) has been used in mobile devices in some countries for a while and is now emerging on devices in use in the United States. This technology allows NFC-enabled devices to communicate with each other within close range, typically a few centimeters. It is being rolled out as a way to make payments, by using the mobile device to communicate credit card information to an NFC-enabled terminal. It is a new, cool technology. But as with the introduction of any new technology, the question must be asked what impact the inclusion of this new functionality has on the attack surface of mobile devices. In this paper, we explore this question by introducing NFC and its associated protocols.
Next we describe how to fuzz the NFC protocol stack on two devices, and present our results. Then we examine, for these devices, what software is built on top of the NFC stack. It turns out that through NFC, using technologies like Android Beam or NDEF content sharing, one can make some phones parse images, videos, contacts and office documents, and even open web pages in the browser, all without user interaction. In some cases, it is even possible to completely take over control of the phone via NFC, including stealing photos and contacts, and even sending text messages and making phone calls. So next time you present your phone to pay for your cab, be aware you might have just gotten owned.
Presented By:
Charlie Miller
Black Hat - USA - 2012 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security