Page 3 of 4 12 3 4
Reply
Thread Tools
pelago's Avatar
pelago is offline pelago
2012-07-26 , 10:44
Posts: 2,121 | Thanked: 1,540 times | Joined on Mar 2008 @ Oxford, UK
#21
Originally Posted by rainisto View Post
People learns to keep NFC off by default, and only enabling it when needed.
I think the worry is that people will install malicious NFC tags in places where you'll be using NFC, e.g. payment terminals.
 

The Following 3 Users Say Thank You to pelago For This Useful Post:
accumulator is offline accumulator
2012-07-26 , 11:11
Posts: 49 | Thanked: 103 times | Joined on Apr 2010
#22
I don't get the sudden panic.

Just like in any piece of software, all external input should be validated. Browsers have been doing that for a long time and still there's the occasional hole. Luckily the NFC stack is a lot simpler than a browser.

And, allowing access to bluetooth, or transmitting a file and opening it, should be explicitly confirmed by a user. The 'nearness' factor of NFC doesn't automatically imply that it's trusted or confirmed..
 

The Following 3 Users Say Thank You to accumulator For This Useful Post:
hw9xx is offline hw9xx
2012-07-26 , 13:43
Posts: 101 | Thanked: 62 times | Joined on Apr 2012
#23
> "If you know of a PDF bug, instead of trying to e-mail it to the person or
> get them to go to your website, you can just get near them with NFC and
> get them to render it," he explained.

So this guy is seriously telling us that a spammer will stand up from his chair and hunt each and every one of us down instead of just mailing us?

Talk about some warped sense of reality ...
 

The Following 4 Users Say Thank You to hw9xx For This Useful Post:
reinob is offline reinob
2012-07-26 , 13:48
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#24
Originally Posted by hw9xx View Post
> "If you know of a PDF bug, instead of trying to e-mail it to the person or
> get them to go to your website, you can just get near them with NFC and
> get them to render it," he explained.

So this guy is seriously telling us that a spammer will stand up from his chair and hunt each and every one of us down instead of just mailing us?

Talk about some warped sense of reality ...
I suppose this attack vector would be slightly more "targetted" than the usual virus/spam mass mailing.
 

The Following 4 Users Say Thank You to reinob For This Useful Post:
slashd0t is offline slashd0t
2012-07-26 , 14:48
Posts: 124 | Thanked: 75 times | Joined on Nov 2011 @ Edmonton Canada
#25
I think we need to think about the future of these such attacks.. (N9 aside)..

When digital wallets etc become more widespread and dumb users just leave this stuff on because they don't know any better, I can see this becoming the future of skimming for focused attacks for espionage etc.. I don't think mass spammers are going to use this approach.
__________________
Unicorn Beast N9 64GB
 

The Following 3 Users Say Thank You to slashd0t For This Useful Post:
hw9xx is offline hw9xx
2012-07-26 , 16:32
Posts: 101 | Thanked: 62 times | Joined on Apr 2012
#26
Originally Posted by reinob View Post
I suppose this attack vector would be slightly more "targetted" than the usual virus/spam mass mailing.
Hmmm .... hold it. Actually the thought of a hot blonde, with a manipulated nfc-tag in her e-size bra, hugging me to get close enough to the N9 in my jacket, while tongue-kissing me for diversion, rather makes me want to be "targetted" and "hacked"
 

The Following 2 Users Say Thank You to hw9xx For This Useful Post:
reinob is offline reinob
2012-07-26 , 20:51
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#27
Originally Posted by hw9xx View Post
Hmmm .... hold it. Actually the thought of a hot blonde, with a manipulated nfc-tag in her e-size bra, hugging me to get close enough to the N9 in my jacket, while tongue-kissing me for diversion, rather makes me want to be "targetted" and "hacked"
But then make sure you read all those "enlargement" untargetted messages, in case you need some.

OK, over and out.
 

The Following User Says Thank You to reinob For This Useful Post:
Creamy Goodness is offline Creamy Goodness
2012-07-29 , 06:35
Posts: 1,463 | Thanked: 1,916 times | Joined on Feb 2008 @ Edmonton, AB
#28
Just FYI this exploit requires inception as well as NFC and the screen unlocked so don't worry about it too much. Nobody would bother to target the people like that unless it's at the next maemo or qt meet up
Arie will come explain more in a day or two, he's at defcon and got the info straight from Charlie Miller, but he's kinda busy to explain anything in detail.
__________________
 

The Following 6 Users Say Thank You to Creamy Goodness For This Useful Post:
mikecomputing is offline mikecomputing
2012-07-29 , 09:01
Posts: 3,464 | Thanked: 5,107 times | Joined on Feb 2010 @ Gothenburg in Sweden
#29
yeah totally forgot about that screen must be active before nfc can trigger something that anoyed me before but now I realize its good, also saves battery ofcourse..
Last edited by mikecomputing; 2012-07-29 at 09:06.
 

The Following User Says Thank You to mikecomputing For This Useful Post:
Arie is offline Arie
2012-08-08 , 22:40
Posts: 1,539 | Thanked: 1,604 times | Joined on Oct 2011 @ With my N9
#30
I forgot to update this....

I spoke to Charlie Miller...

He said the N9 is safe for the most part... It took him 6 months to even do what he did with his N9.... That was with inception and a few other tricks and hacks.

This has been overblown beyond what it needs to be.

All you need to do is set Bluetooth confirm and sharing to on and NFC to off, you can't be touched at that point.
__________________
Arie|www.everythingn9.com|Nokia N9 64GB x2|Nokia N950

@everythingn9

Temporary Inception Fix

Times Banned from TMO: 4
 

The Following 6 Users Say Thank You to Arie For This Useful Post:
Reply
Page 3 of 4 12 3 4

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 15:43.

Contact Us - Home - Archive - Top