Stories
Slash Boxes
Comments

SoylentNews is people

Android Bug Lets Hackers Plant Malware Via NFC Beaming

posted by Fnord666 on Tuesday November 05 2019, @07:27AM   Printer-friendly
from the airborne-bugs dept.

MrPlow writes:

Submitted via IRC for AndyTheAbsurd

Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming.

NFC beaming works via an internal Android OS service known as Android Beam. This service allows an Android device to send data such as images, files, videos, or even apps, to another nearby device using NFC (Near-Field Communication) radio waves, as an alternative to WiFi or Bluetooth.

Typically, apps (APK files) sent via NFC beaming are stored on disk and a notification is shown on screen. The notification asks the device owner if he wants to allow the NFC service to install an app from an unknown source.

But, in January this year, a security researcher named Y. Shafranovich discovered that apps sent via NFC beaming on Android 8 (Oreo) or later versions would not show this prompt. Instead, the notification would allow the user to install the app with one tap, without any security warning.

Source: https://www.zdnet.com/article/android-bug-lets-hackers-plant-malware-via-nfc-beaming/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Android Bug Lets Hackers Plant Malware Via NFC Beaming | Log In/Create an Account | Top | 5 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 0) by Anonymous Coward on Tuesday November 05 2019, @07:48AM

    by Anonymous Coward on Tuesday November 05 2019, @07:48AM (#916167)

    Try beaming your seed of evil through my disabled NFC, mofos!

  • (Score: 0) by Anonymous Coward on Tuesday November 05 2019, @11:40AM (1 child)

    by Anonymous Coward on Tuesday November 05 2019, @11:40AM (#916200)

    The O.S is stolen and compromised by (((google))) with back-doors added for their convenience. They are making things easier and easier for themselves.

    • (Score: 0) by Anonymous Coward on Tuesday November 05 2019, @01:52PM

      by Anonymous Coward on Tuesday November 05 2019, @01:52PM (#916228)

      I was just thinking " Three letter agency/government planted back door".
      There is no other conceivable reason for its inclusion.

  • (Score: 0) by Anonymous Coward on Tuesday November 05 2019, @07:28PM

    by Anonymous Coward on Tuesday November 05 2019, @07:28PM (#916463)

    NFC stands for Near Field Communication, and as the name implies it provides a wireless communication mechanism between two compatible devices.
    NFC is a short range wireless technology having a range of 4cm or less for two devices to share data.

    The transmission frequency for data across NFC is 13.56 megahertz, and data can be sent at either 106, 212 or 424 kilobits per second,
    which is quick enough for a range of data transfers from contact details to swapping pictures, songs and videos.

    Same freq as RFID tags.

  • (Score: 2) by FatPhil on Tuesday November 05 2019, @11:56PM

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Tuesday November 05 2019, @11:56PM (#916610) Homepage
    "Google said this wasn't meant to happen, as the Android Beam service was never meant as a way to install applications"

    Why, then, did they program the connection server to accept applications for installation?

    Google, to back up your assersion, show us the history of the specification document, the source code, and perhaps the test spec. To be explicit, I'm saying I don't believe you.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(1)