Was NFC Hacked at HP's Mobile Pwn2Own?
Page 1 of 1
One of the winners of HP's prize money was for an exploit that leveraged NFC (near field communication) on a Samsung Galaxy Android smartphone. While the attack was delivered via NFC, it is important to note that the attack is not necessarily a vulnerability in NFC itself.
The winning team of researchers, from MWR Labs, used a technique first demonstrated by security research Charlie Miller earlier this year at the Black Hat USA event. Miller demonstrated that a feature known as Android Beam, which lets one user send an item to another without the need for the recipient to do anything, could be used to deliver an attack. In Miller's case, he used NFC Beam to open the browser and trigger a WebKit vulnerability.
Brian Gorenc, manager, Zero Day Initiative, HP DVLabs, confirmed to eSecurity Planet that MWR Labs also used Beam as its medium for attack. That said, he stressed that the actual vulnerability is different than what Miller demonstrated.
"NFC is the delivery mechanism and the vulnerability itself is in a parser in the operating system," Gorenc said.
As such, the same flaw could have potentially been triggered by delivery methods other than NFC, such as a simple email.
"The trick was to get the specific application that handled a specific file type to load and render a malicious document," Gorenc said.