Attacking phones with NFC

A session at TakeDownCon St. Louis

Monday 3rd June, 2013

2:00pm to 2:50pm (CST)

Near Field Communication (NFC) is becoming more prevalent throughout the world. This technology allows NFC enabled devices to communicate with each other within close range, typically a few centimeters. It is being rolled out as a way to make payments, by using the mobile device to communicate credit card information to an NFC enabled terminal. It is a new, cool, technology. But as with the introduction of any new technology, the question must be asked what kind of impact the inclusion of this new functionality has on the attack surface of mobile devices. In this talk, I explore this question by introducing NFC and its associated protocols.

I start by describing how to fuzz the NFC protocol stack for two devices as well as my results. Then for these devices, I show what software is built on top of the NFC stack. It turns out that through NFC, using technologies like Android Beam or NDEF content sharing, one can make some phones parse images, videos, contacts, office documents, even open up web pages in the browser, all without user interaction. In some cases, it is even possible to completely take over control of the phone via NFC, including stealing photos, contacts, even sending text messages and making phone calls. So next time you present your phone to pay for your cab, be aware you might have just gotten owned.

About the speaker

This person is speaking at this event.
Charlie Miller

Product Security Team, Twitter

Sign in to add slides, notes or videos to this session

Tell your friends!


Time 2:00pm2:50pm CST

Date Mon 3rd June 2013

Short URL


Official event site


View the schedule


See something wrong?

Report an issue with this session