If you have wanted to pay with your NFC (Near Field Communication) Android device, I would hold off on that for a while, at least until this latest vulnerability in Android’s NFC is fixed. In a presentation at the Hack in the Box Security Conference, security researchers Ricardo Rodriguez and Jose Vila presented a demo of an attack that all NFC-capable Android phones are vulnerable to. This latest hack, which is delivered through poisoned apps, exploits the NFC feature, allowing unethical hackers to steal money from victims’ credit cards any time the cards are near the victims’ phone.
How it works
How it works is kind of simple and kind of complicated all at the same time. Rodriguez and Vila found that hackers could use the NFC capability of the victim’s phone to steal money from the physical credit cards in his or her pocket, rather than through Google Pay, when the cards come in contact with the victim’s phone. If you think of how often your wallet is near your phone, the opportunity for attack becomes much more likely. The method used by the hackers is called a relay attack, which basically forwards the entire wireless communication over a larger distance than the short distance that NFC normally allows.
All one needs to execute this kind of attack is a POS machine that can accept NFC payments, an NFC-capable Android phone running Android 4.4 KitKat or above, and a little bit of time. With this kind of attack being so simple, it is quite easy to see why this can be such a huge problem for Android and any Android users.
How to Stay Safe
Rodriguez, in an interview with DigitalTimes, shared this advice: “Be aware of the apps you are installing on your device – don’t use apps that haven’t been approved in the Google Play store or that are from an alternative market. If you aren’t using NFC for other stuff, just deactivate it by default. That way the application must ask you to activate NFC and if an unauthorized usage, then you will know it.”