Galaxy S3 hacked via NFC at Mobile Pwn2Own competition

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9231448/Galaxy_S3_hacked_via_NFC_at_Mobile_Pwn2Own_competition

By Loek Essers
IDG News Service
September 19, 2012

The Samsung Galaxy S3 can be hacked via NFC, allowing attackers to 
download all data from the Android smartphone, security researchers 
demonstrated during the Mobile Pwn2Own contest in Amsterdam on 
Wednesday.

Researchers from security company MWR Labs showed the audience at the 
Mobile Pwn2Own competition at the EUSecWest security conferenceA that it 
is possible to beam an exploit over a NFC (Near Field Communication) 
connection by holding two Galaxy S3s next to each other.

Using this technique, a file is loaded on the targeted S3. The file is 
then automatically opened and gets full permissions, meaning that the 
attacker has full control over the phone, explained Tyrone Erasmus, 
security researcher at MWR. The app runs in the background so the victim 
is unaware of the attack, he added.

The attacker, for instance, gets access to all SMS messages, pictures, 
emails, contact information and much more. The payload is very advanced, 
so attackers can "basically do anything on that phone," the researchers 
said.

[...]


--
#HITB2012KUL - The 10TH ANNUAL HITB Security Conference in Malaysia
with no keynotes, no labs - just three tracks filled with our most
popular speakers from the last decade: http://conference.hitb.org/