NFC-based Android hacks open up devices to remote takeover

Android devices with NFC chips are vulnerable to remote takeovers via a small device that, when “paired” with a smartphone or tablet, executes malicious code to gain access to the affected handset. This flaw in the Android browser was revealed during the Black Hat security conference in Las Vegas this week, and the discoverer of the flaw is using the opportunity to encourage Google to fix the problem as soon as possible.

In fact, the problem is already fixed in Jelly Bean, which comes with Chrome as a default browser. The problem is that millions of devices are stuck on Gingerbread, while Ice Cream Sandwich still uses the stock Android browser by default. Once the majority of customers move over to Chrome for Android, the problem will sort itself out.

Another hack uses something called a JavaScript bridge to evade Google’s “Bouncer” shield for identifying malware in the Google Play Store. This could allow a malicious app to be installed on a device and its perpetrators to gain access to the root filesystem by opening up the stock browser.

As a result of these potentially harmful exploits, many security experts are advising companies to steer clear of Android unless the handsets are running the latest version of the operating system.

Source: Reuters