In the Video Above, NFC Data, Inc. Founder Ken Mages explains why he created Padloc. NFC Data, Inc, will be attending the WIMA NFC USA Conference both today and tomorrow. NFC Data, Inc is also a press partner for the event. For more info: "click here"
A researcher from the Berlin Institute of Technology has warned against the increasing prevalence of Near-Field Communications (NFC) technology, due to major security flaws in its design and implementation.
Presenting at the European Commission Joint Research Centre's 'Digital Footprint in a Mobile Environment' event, Collin Mulliner warned attendees that NFC - a short-range radio system used to connect smartphones to other devices, which lies at the heart of future mobile payment systems - is not without its risks.
Among the issues highlighted in Mulliner's speech were a lack of encryption that could lead to man-in-the-middle eavesdropping, spoofing and corruption attacks, the ability to spoof URI - Universal Resource Indicators - from 'smart' posters used for NFC-powered advertising, and flaws in current NFC handsets that can cause serious issues.
Far from being a dry technical discussion, Mulliner's talk included proof-of-concept examples of NFC-borne attacks, including a smart poster URI spoofing attack that automatically sends a premium-rate SMS and purchases a paid-for ringtone, code that crashes Nokia and Samsung NFC-equipped handsets - including the Nexus S - through a record-payload-length bug, and a worm which propagates over NFC.
This last of these is worth a closer look: Mulliner highlighted a proof-of-concept self-propagating worm that uses NFC radios to find nearby devices to infect. The result: the digital equivalent of an airborne virus, capable of spreading rapidly between carriers simply via proximity.
Mulliner also claimed that work was progressing on a proof-of-concept creation that would be able to inject code into a handset via NFC - potentially allowing an attacker to install custom software to force the handset to do anything at all, including listen in on calls and internet traffic.
"I would say that we need to seriously reconsider security for NFC devices before major deployment of devices and services at the very least," opined privacy activist Alexander Hanff, who described the presentation as "some scary stuff".
Read more: http://www.thinq.co.uk/2011/11/29/security-researcher-warns-over-nfc-flaws/#ixzz1f6c8cAwj
Read more: http://www.thinq.co.uk/2011/11/29/security-researcher-warns-over-nfc-flaws/#ixzz1f6bnbU6k
