Fwd: CORRECTION: Starting the SECURITY THEATER SEMINAR - 11.11.12 at 14:00 (room 146, Labs Build.)

1 view
Skip to first unread message

Yossi Oren

unread,
Nov 7, 2012, 7:02:22 AM11/7/12
to security-theater-announcements
Hi All,

The Security Theater is restarting - see you there!


                    Sunday, 11 November 2012, at 14:00

                    Room 146, Labs Build.

 

 

 

Exploring the NFC Attack Surface

Abstract: Near Field Communication (NFC) has been used in mobile devices in some countries for a while, and is now emerging on mobile devices in use in the United States.  This technology allows NFC-enabled devices to communicate with each other within close range, typically a few centimeters.  NFC is being deployed and adopted as a way to make payments, using a mobile device to communicate credit card information to an NFC enabled terminal.  It is a new, cool, technology, but as with the introduction of any new technology, the question that must be asked is what kind of impact the inclusion of this new functionality will have on the attack surface of mobile devices.  

In this work we explore this question by introducing NFC and its associated protocols.  Next, we describe how to fuzz the NFC protocol stack for two devices as well as provide the results of our testing.  Then we see for these devices what software is built on top of the NFC stack.  It turns out that through NFC, using technologies like Android Beam or NDEF content sharing, one can force some phones to parse images, videos, contacts, office documents, and even open up web pages in the browser, all without user interaction.  

In some cases, it is even possible to completely take control of the phone via NFC, including stealing photos, contacts, even sending text messages and making phone calls.  The next time you present your phone to pay for your cab, be aware you might have just gotten owned.

Speaker Bio: Charlie Miller is the Managing Principal of Accuvant Labs.  He was the first to hack the iPhone and the Android G1 phones, winner of the 2008-2011 Pwn2Own competitions, and author of several books, including "The iOS Hacker's Handbook".

Recorded at SecTor 2012, Toronto Canada, October 2, 2012 (tari tari!) http://2012.video.sector.ca/video/51115364

For more information about the Security Theater, please visit: http://www.eng.tau.ac.il/~consel/SecurityTheater


Reply all
Reply to author
Forward
0 new messages