The NFC 'Exploit'
I have a quick thread on Twitter for this - LINK ... But if you want the condensed version:
So my understanding of the NFC exploit is that.... NFC does what it has always done. Very high level, I know, but NFC has always been about doing something to a touch. When programmable tags came out I would use them as 'check in' spots for 4square.
The fact this 'programmability' has been left mostly untouched for years isn't so much a CVE as it is just lazy working. Some people adopted 'NFC' and love it, others aren't too fussed about it, and that's fine, as the effective range of an attack is centimetres.
It was never going to be an all-powerful source of hacking. I used it to read my bus ticket back in the day and could have given myself free travel forever using it. Same as the card readers at laundromats where you could give yourself free washing for life.
An aspect of what makes NFC interesting is that whole 'you can program it to run whatever you want'. Again, it's always been there; it's just that we used apps on our phones to program them, and now we can use better readers to do it from a computer.
As time has gone on it was only a matter of time before someone discovered that running 'shortcut' code for Android was possible. ADB would need to be enabled on the device you are attacking through, as the command to wipe is 'adb shell; recovery --wipe_data' or similar.
That's not a lot of code for what it's actually doing, which is factory resetting your device. It's not a bug per se; it's more of an annoyance for the person you are attacking because now they have to sit through phone setup and restore from the cloud or whatever.
All I can say with my limited Android faffing (read: I helped root the HTC Dream back in the day and rooted every droid I have owned since) is that I am surprised it took this long. To me it's on the same level as the dude who got the CVE for default creds on Raspberry Pi.
Yeh, it's a pretty glaringly obvious thing, but it's not something that affects everyone, and in this case it requires a very specific set of circumstances to trigger, i.e. ADB-enabled phone, NFC being turned on, practically close enough to lick the device etc.
Written by
DM
Just a dude that loves playing with computers and solving puzzles. Vuln Research | Malware detonator | Code | Certified Pentester Looking for a role in infosec.