Don't Stand So Close To Me: An Analysis of the NFC Attack Surface
"Near Field Communication (NFC) has been used in mobile devices in some countries for a while and is now emerging on devices in use near you. This technology allows NFC-enabled devices to communicate with each other within close range (typically a few centimeters). It is being rolled out as a way to make payments, by using the mobile device to communicate credit card information to an NFC-enabled terminal. It is a new, cool, technology. When any new technology is introduced, however, we must consider the impact that the new functionality has on the attack surface of mobile devices. This talk explores that question. Through NFC, using technologies like Android Beam or NDEF content sharing, one can make some phones parse images, videos, contacts, documents, and even open up web pages in the browser—all without user interaction. In some cases, it is even possible to completely take over control of the phone to steal photos or contacts—even to send text messages or make phone calls. So next time you present your phone to pay for a cab, be aware that you might have just gotten owned.