A team of security researchers from U.K.-based MWR Labs gained access to a Samsung Galaxy S3 phone running Android 4.0.4 by exploiting a vulnerability in the device's NFC feature. The team, comprising Nils, Jon Butler, Tyrone Erasmus and Jacques Louw, managed to cash in as much as $30,000 during the EuSecWest mobile Pwn2Own hacker contest.
Although the exploit is not strictly NFC-related, Android 4.0.4 was found susceptible to issues while NFC was in use, and the exploit was delivered via NFC. The hackers exploited a weakness in the way NFC is implemented in the Galaxy S3 to deliver a malicious file that was automatically opened by the Android document viewer. Once the file opened, the team exploited a zero-day flaw in the document viewer to launch a code execution attack. A second Android privilege escalation vulnerability, also a zero-day, was then used to get full rights on the device.
Samsung has not yet commented, but we certainly expect a firmware update in the coming months.
“Through NFC it was possible to upload a malicious file to the device, which allowed us to gain code execution on the device and subsequently get full control over the device using a second vulnerability for privilege escalation,” said the team. “The same vulnerability could also be exploited through other attack vectors, such as malicious websites or e-mail attachments.”