NFC connections limit attacks on Android OS

November 15th, 2019
NFC connections limit attacks on Android OS

Near Field Communication (NFC) connections are quite handy for transferring data between two devices. Whether you want to send photos, videos, files, or make a payment, NFC can make it easy to do so.

Google patched a critical flaw in the Android OS that allowed hackers to "beam" malware into unpatched devices via a process called 'NFC Connections Beaming.' It relies on Android Beam, which allows an Android device to send videos, apps, images, or other files to a nearby device using Near-Field Communication (NFC) radio waves as an alternative to Bluetooth or WiFi. It's a great technology and a handy capability, but sadly, its implementation was flawed.

An independent security researcher who caught the flaw alerted Google to the problem. Even worse, the files sent in this manner to the user would not prompt them that an app was attempting to install from an "unknown source."

If there's a silver lining, it's the fact that NFC connections begin when two devices are sitting close to each other. By 'close,' we mean close. The range is limited to 4 centimeters (about an inch and a half). The NFC connections limit the attack vector's utility quite sharply.

Even so, it's something to be aware of, especially if you travel frequently. It's well worth grabbing Google's latest Android Oreo update if you haven't already done so. The alternative to this course of action is to go into your Android settings and disable Android Beam and NFC if it's a feature you seldom use.

Kudos to the sharp-eyed researcher caught the bug, and to Google, who responded swiftly and issued a fix for the issue.


Leave a comment!

Your email address will not be published. Required fields are marked *