A new Proof of Concept (POC), published by researchers at Waseda University, uncovered a creative attack that is being targeted at Android devices. This interesting approach used Near Field Communication (NFC), an example of NFC is using Android or Apple pay via a user’s phone. A malicious NFC chip is embedded into a specially crafted surface, such as a table in a public space, that connects to the victim’s Android device when placed on the table. Once a device connects to the malicious NFC, it forces the phone to display a connect to the network dialogue box. Even if the user presses the “Cancel” key, the malicious device forces the connection to be accepted. Once connected to the attacker’s Wi-Fi access point or to a rogue Bluetooth session, a Ghost Touch Generator mixes the keys on the victim’s device so that when the user presses cancel, it is granting the attacker access to the entire device. Once this is completed, the attacker has full control of the victim’s device and can steal any information stored on it.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is