Hackers exploit NFC phone payment technology

  • Published
Money in pocket
Image caption,
The bugs in the payment system could let attackers get at the contents of a phone

Several bugs in Near Field Communication (NFC) payment systems have been found by security experts.

NFC allows people to pay for goods and services by touching their handset to a payment terminal.

But the inclusion of the technology on phones has proved useful to hackers seeking a stealthy way to take over a mobile phone.

In most cases the bugs would give an attacker complete access to a device's data.

The security experts demonstrated the weaknesses in NFC technology at an event in Tokyo organised by Hewlett Packard. Called Mobile Pwn2Own the competition involves researchers and developers using bugs in an attempt to subvert a series of handsets.

A prize pool of $425,000 (£271,000) was available to those who managed to get access to a handset's innards via a bug they had found. Entrants would get a slice of that cash by taking less than 30 minutes to carry out a successful attack via a previously unknown vulnerability.

Eight separate devices, including an Apple iPhone, Blackberry Z30, Amazon Fire phone and Google Nexus 7, were the targets for the security experts.

On the first day of the two-day competition five teams successfully used the bugs they had found to take over five devices. Three of the successes exploited NFC to give the attackers the ability to extract data at will from the phones. The other two attacks compromised a phone via its on-board web browser.

UK security expert Adam Laurie, Japan's Team MBSD and South Africa's MWR InfoSecurity were among the prize winners.

The Apple iPhone 5S, Samsung Galaxy 5, LG Nexus 5 and Amazon Fire Phone were all successfully compromised.

Details of the vulnerabilities have now been shared with the makers of the handsets so that the bugs can be patched and fixed.

Related Internet Links

The BBC is not responsible for the content of external sites.