Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42869
  • Total Topics: 16078
  • Online Today: 3666
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: NFC Payment Test at Olympics Will Inspire Mobile Attackers to Go for the Gold  (Read 2636 times)

0 Members and 1 Guest are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez

NFC Payment Test at Olympics Will Inspire Mobile Attackers to Go for the Gold

 
Visa is testing out its PayWave contactless payment service at the Summer Olympics in London.  Every athlete will get a Samsung Galaxy SIII phone enabled with near-field communication (NFC) along with Visa’s payment app. Contactless payments aren’t new, and similar payments by mobile phone have been tested by Google with its Wallet app and other NFC smartphones.


Larger picture

A Samsung Galaxy SIII will be given to every athlete competing at the 2012 Summer Olympics in London.


When we last looked at NFC phones and similar apps, there were questions of whether an attacker could go after the apps or the phone hardware and the Android OS. Since then we have seen a PIN-reset vulnerability that allowed an attacker to use the free prepaid card and the ability to crack PINs on the phone. Google updated the Wallet app to fix those vulnerabilities and make attacks much harder. Now attackers would need to go after the hardware itself, though this does not necessarily involve going after the Secure Element portion. One can get excellent results by targeting the OS and its NFC-handling libraries.

Fuzzing the hardware, which involves feeding corrupt or damaged data to an app to discover vulnerabilities, is a good first step. Researchers Charlie Miller and Collin Mulliner fuzzed SMS messages to great effect to discover exploitable vulnerabilities on Android and iOS phones a few years back. Mulliner has also looked at fuzzing NFC tags, going as far as developing a Python library and framework for testing older devices. Recently he updated his software to measure Android devices, allowing him to inject crafted NFC tags to a phone and then monitor the results. He can programmatically feed crafted or damaged NFC tags to Android’s library and then capture any crashes or code-execution opportunities.



Larger picture

Collin Mulliner’s NFC library can be used in fuzzing Android phones. This is very useful for discovering new vulnerabilities.


The Samsung Galaxy SIII goes on sale in North America and wordlwide within the first two weeks of July. An attacker wishing to target the device can purchase one easily and use Mulliner’s research to help find vulnerabilities and eventually develop exploits to steal a victim’s credit card. The large number of readers at the Olympics will provide places where a successful attacker can use stolen credentials to make purchases. The Olympics will also provide a concentrated pool of targets (people and phones) to pilfer from–especially if everyone is busy watching who wins the medals and not worrying about where his or her phone is.



Orginal article: Thursday, July 5, 2012 at 7:32pm by Jimmy Shah
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising