Galaxy S III hacked using NFC at Mobile Pwn2Own hacking contest

Posted Sep 19, 2012 at 12:39 pm in Threads > Smartphones & Tablets

“Attackers can take full control of a Samsung Galaxy S III smartphone just by holding devices close together, researchers demonstrated”

  • Mix

    As long as you don’t accept hugs or inappropriate butt to butt touching from random strangers or download fishy files you should be fine…lol

    Still that is kind of crazy that they can pretty much take over your phone through NFC and they said that the phone need only touch for a brief second, still, wouldn’t one need to accept the transfer before accepting the file?

    I have never used NFC.

    • Taylor Wimberly

      NFC actually works without touching devices. I have tested this with the two Galaxy S IIIs and you can make a connection with the devices about an inch apart.

      • 4n1m4l

        And the screen has to be on, which most aren’t when in pocket.

    • Mix

      So you don’t need to accept something or allow for data to be transferred between phones? They just have to be close to each other with one person initiating the file transfer?

      That is kind of sketchy.

      • herbivore83

        You can enable/disable NFC, so if you leave it on you are vulnerable to attack!

      • Alexander drzfr3shboialex

        You need to send on the current phone and accept in the other, its not as insecure as you think :)

      • Teebor

        NFC is off by default as I have never interacted with any NFC options on my S3 until yesterday and I found that I both had to turn on NFC AND download an app to make it work.. Also I had to enable S Beam seperately

  • jim

    Well.looking at the mwr site they used nfc to drop a malicious file. So it could be Emailed also…cant it??

    • koorsr

      In one of the links I remember reading that they choose NFC for showmanship. It could happen through email or be downloaded through the Internet.

  • iPhone Guy

    SucK it u moron fandroids i hope viruses kill all ur phones

    • NexusUser

      Oh iPhone Guy :D Are you jealous oft NFC? :P

  • txbluesman

    IPhone guy, how did you get to this site, Apple Maps?

  • jaxidian

    My understanding is that this attack has absolutely nothing to do with NFC itself. I think this attack vector requires you to purposefully accept an NFC file transfer and then run that file (an apk?) before you can be infected. Much like you would have to download an apk then run it or be emailed an apk then run it. There isn’t necessarily an NFC vulnerability here. They’re just saying you can download an infected file via NFC. Perhaps the other person’s system could already be infected and they think they’re sending you CoolWallpapers.apk (or HotChick.jpg) when in fact they really send you DirtyLittleVirus.apk. Once you run DirtyLittleVirus.apk, it uses OTHER vulnerabilities to essentially gain Root access and do big bad nasty things.

    Long story short, I think “NFC” was just thrown into this story for no reason other than to get more media attention as “The First NFC Infection” or whatever.

  • tom

    How you guys doing is a great website. anyone ells like hacking?
    come visit best website ever

  • bill

    Nice website is a good site. hope there are alot of girls on here.
    stop by one of the fastest groving forums

  • TrufelOne

    I agree