Android Smartphone Could Be Taken Over By Hackers
Zero Day Initiative contest reveals vulnerability in Samsung Galaxy NFC feature
On Wednesday, security researchers at the Mobile Pwn2Own contest in Amsterdam demonstrated a vulnerability in both the Samsung Galaxy S3 and S2. The flaw allows hackers to take advantage of the Near Field Communication (NFC) feature on the Android smartphones, beaming an exploit simply by holding two phones next to each other. The transferred file is loaded on the victim’s smartphone and automatically opened, immediately gaining full permission. The attacker now has full control of the phone and access to all SMS messages, pictures, emails, contacts information, and more. Victims unaware the attack has even occurred as all of the malicious application’s endeavors run in the background.
The hackers explained that the attack is aimed at an application used to view documents, though they would not say exactly which. In order for the attackers to use the NFC method, the phones must be very close to each other, however it only takes a brief second of connection to download the file onto the victim’s phone. This specific vulnerability can also be exploited in other ways as well, not just through an NFC connection. It could be attached in an email which is opened and instantly installed on the user’s phone.
The organizers of the competition, Zero Day Initiative (ZDI) of HP DVLabs, will release the technical details of the hack to Samsung. A patch which will fix the bug is most likely to be released shortly after
Original article by Loek Essers.
Read the full article here.
Leave a comment
Attacks on AMD Trusted Platform Modules raise security questions. An article review. Read more
New research reveals issues with these commonly overlooked devices… An article review Read more
Known to be vulnerable since 2005, the algorithm will be phased out over the next sev Read more
Hackers are getting unusually creative in their attacks… An article review. One drawb Read more