NFC (Near Field Communication) beaming can be used to transfer malware onto Android devices running Android 8.0 (Oreo) or above. This is done by taking advantage of the flaw tracked as CVE-2019-2114. NFC is possible through the Android OS service, Android Beam, and allows for the transfer of data between two devices. Hackers could instead plant malware on devices with this feature. Researcher Y. Shafranovich discovered APK files that were transferred through NFC beaming did not prompt a security notification as they typically do but instead would allow the receiver to download an app from an unknown source with one click. It was found that Google had whitelisted the NFC feature, but they did not mean to. Google addressed the issue in their October Android patches, but many users who have the NFC and Android Beam services enabled are still at risk.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.