Nokia N9 and Android NFC security issues?

| July 27, 2012 | 17 Replies

I remember watching some tech show that presented the potential negatives of NFC wallets as easy targets for e-thiefs. They’ll simply pass you and upon NFC contact, you’ll get charged.

Ars Technica highlights this issue on Android and Nokia handsets with NFC based on 6 months of research by Charlie Miller. Regarding Nokia NFC, they look at the Nokia N9.

“Code on the attacker-controlled chip or handset is beamed to the target phone over the air, then opens malicious files or webpages that exploit known vulnerabilities in a document reader or browser, or in some cases in the operating system itself.”

http://arstechnica.com/security/2012/07/android-nokia-smartphone-hack/

NFC on the N9 is not on by default. It makes sense now I think about security issues (though not in terms of usability issues).

NFC on the N9 isn’t turned on by default, but once it’s enabled, it too will accept malicious content and requests with no prompting. Among the easiest and most damaging attacks are those that use NFC to establish a Bluetooth connection with another device. Once NFC is turned on, an N9 will automatically accept all connection requests with no prompting

http://arstechnica.com/security/2012/07/android-nokia-smartphone-hack/

… in range, he can force it to make phone calls, send text messages, or upload and download proprietary files, including contact lists

Nokia officials apparently responded, acknowledging these issues:

Nokia takes product security issues seriously. Nokia is aware of the NFC-research done by Charlie Miller and are actively investigating the claims concerning Nokia N9. Although it is unlikely that such attacks would occur on a broad scale given the unique circumstances, Nokia is currently investigating the claims using our normal processes and comprehensive testing. Nokia is not aware of any malicious incidents on the Nokia N9 due to the alleged vulnerabilities

http://arstechnica.com/security/2012/07/android-nokia-smartphone-hack/

Cheers Gäst for the tip!

Category: Maemo, MeeGo, Nokia

About the Author ()

Hey, thanks for reading my post. My name is Jay and I'm a medical student at the University of Manchester. When I can, I blog here at mynokiablog.com and tweet now and again @jaymontano. We also have a twitter and facebook accounts @mynokiablog and  Facebook.com/mynokiablog. Check out the tips, guides and rules for commenting >>click<< Contact us at tips(@)mynokiablog.com or email me directly on jay[at]mynokiablog.com

Comments (17)

Trackback URL | Comments RSS Feed

Sites That Link to this Post

  1. Nokia N9 y Android cuestiones de seguridad NFC | MundoMeego | January 20, 2013
  1. Aliqudsi says:

    Sounds scary, can’t believe I never thought of how simple it would be to use it like that; all it takes is a simple “bump” in a crowded street and you’ll be charged.

    • disguy says:

      Why not? Same thing can happen to your cc sitting in your back pocket. They bump into you and get your cc number. Problem with this is not only getting random charges but getting your files hacked. Nudies Galore.

      • skint says:

        The NFC on the N9 is only active when the screen is unlocked, so chances of a bump into your pocket accessing it is very unlikely. Also Nokia have stated that the NFC on the N9 does not meet security standards for NFC payment so I see this as a non issue.

  2. m says:

    Jay,
    you should post excerpts from the TMO thread regarding this and you’ll see while NFC is not totally safe there is not much to panic if its kept off. Arie’s response is one of the best as he too was at black hat watching this live…

  3. lmiked says:

    Well, I have the N9 now for almost half a year and never used it… So it’s always turned off. And then, even if its on, isn’t it required for the devices to be very close, almost touch even for it to communicate?
    And… How would I be charged in case anyone was able to communicate with my device through NFC? Would it charge my phone bill? Or what? Lol
    sorry, I’m just not aware of how this could be dangerous.

    • Gerii says:

      I think it could theoretically emulate a Bluetooth headset and then call a premium number.
      But there’s an option on the N9 to ask the user when a device wants to connect to the N9 via NFC. Just turn it on and you should be safe.

      • lmiked says:

        exactly!!! That’s just what I was going to say, there is an option on N9 called confirm sharing and connecting which you can activate, so it probably it asks you if you want to accept every connection/transfer/sharing.

  4. reptile says:

    I think it’s only safer on Symbian because it requires the user to confirm when it tries to access something thru NFC. At least, I think it does that for everything. I know it does that for the picture transfers, not sure about the other NFC features.

  5. Lucillda Wellington says:

    buhahahaha whatever to say, you haven’t even mentioned W problems with safety. That is tha pain in…
    I think N9 now is the most save and secure mobile on the whole market. And will be for nex at last 3-5 years.
    Mentioned problem is only a question of prope settings of the mobile.
    I don’t buy it, it’s an example of non objective approach to certain products by Nokia of Nokia….. and funy one rather…..

  6. Gäst says:

    I don’t think this is an OS problem but rather an NFC feature thats misused.
    But i can see how it could be used for “skimming” NFC payments with false NFC chipsets.

    • lmiked says:

      But isn’t information like name, credit card number, expiry date, and security code needed for a payment to be made? So unless you have all that stored in your phone, you have nothing to worry about… Plus, when you’re not using NFC, just switch it off, not only you’re protected, but it’ll also probably save you some battery, and last but not least, the N9 does include the option to allow you to confirm sharing and connecting.

      cheers

Leave a Reply