The News‎ > ‎

More Samsung Galaxy S3 NFC Vulnerabilities (probably works on other phones as well)

posted Oct 9, 2012, 10:51 PM by Leigh Williams   [ updated Oct 9, 2012, 11:10 PM ]
So, last night we were playing around with the SGS3 and some NFC cards, seeing if we can duplicate them, and just sort-off scanning random cards to see if they have NFC chips. To our surprise, our one colleague's old University card had the MIFARE NFC chip, and it wasn't encrypted so we were able to read all the data, store it on the phone and emulate the NFC data...more about this later.

Because we were able to overwrite the data on the University card's NFC chip, we were able to store all sorts of data on there. From a contact to a URL to just random text. To our surprise, if you store a URL on the NFC chip and you read it with your SGS3, it automatically launches the browser app. Most SGS3 (and probably other phones as well) has NFC enabled, either by default or because people do not bother to turn it off. We all know about the SGS3 (and other Android phones) USSD code Factory Reset vulnerability and this is exactly what we tested. Loading the "malicious" URL (we didn't use the actual Factory Reset USSD code of course) on the NFC chip and tapping it against my phone launched the site and executed the USSD code. Your phone has to be awake (screen on) for NFC to work though, but you can easily get someone to show you their awesome new SGS3 , then without them knowing just tapping the card against it when they are not looking.

It is a nice feature to launch the appropriate app based on content, but imagine if vulnerabilities exists within these apps (or the vulnerabilities that can be exploited using these apps) what damage you can do.

We recommend turning off NFC unless you really need it! And please, update your SGS3 (and any other Android phone) as soon as possible to reduce the chances of you being vulnerable against the whole Factory Reset issue, and other undiscovered vulnerabilities.
Comments