Secplicity - Security Simplified

Powered by WatchGuard Technologies

Android Vulnerability: NFC and Android Beam

November 6, 2019 By Emil Hozan

Nightwatch Cybersecurity’s Y. Shafranovich posted about a near field communication (NFC) vulnerability affecting Android versions 8.0 and higher. Specifically, there is an Android feature known as Android Beam that’s built around this technology, and it’s intended for close-proximity data-sharing scenarios. NFC has an effective range of about 4 cm (1.5 inches), which doesn’t seem like much but is still enough to pose a threat. With security, giving an inch may lead to attackers taking a mile.

The scary scenario here is a compromised Android-based POS system that you use to make a payment while both features are on. To clarify, NFC and Android Beam are two distinct settings, and Android Beam can only be enabled if NFC is enabled in the first place. There was actually a similar vulnerability back in 2012, when researcher Charlie Miller was able to exploit NFC and Android Beam vulnerabilities and have Android devices automatically open up web requests, potentially even to attacker-controlled web servers. Scarier still is the fact that there was no user interaction required in this case!

Bottom line: don’t just leave NFC enabled. In fact, don’t just leave any service on unless you’re actively using it. For me, this includes Wi-Fi, Bluetooth and NFC. Wireless technologies have both advantages and disadvantages. Unfortunately, unknown disadvantages are where zero-day vulnerabilities come into play, and they can attract some nefarious threat actors.

Filed Under: Editorial Articles Tagged With: android security, NFC
