Security researchers from UK-based MWR Labs have managed to successfully gain access to an Android phone by sending an exploit to the device using Near Field Communications (NFC).
The hack was demonstrated at the Mobile Pwn2Own competition at EUSecWest in Amsterdam. The competition was organised by security firm TippingPoint.
Two vulnerabilities were used to gain access to and retrieve data from a Samsung Galaxy S3. The phone was running Android 4.0.4.
The first flaw was a memory corruption exploit that allowed the team to upload malware to the Samsung phone over NFC.
MWR Labs said that this exploit is not NFC specific, and could be carried out via malicious websites or email attachments.
The second flaw let them weaken Android's app sandbox and raise privileges of the executed code.
The researchers used this to upload a custom version of the firm's Mercury application, which it described as a "free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android."
The team said in a statement: "We could then use Mercury's capabilities to exfiltrate user data from the device to a remote listener, including dumping SMS and contact databases, or initiating a call to a premium rate number."
The team said Android 4.0.4 has many of the exploit mitigation features that are common to desktop Linux distributions, including Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP), but there were shortcomings as well.
These defects allowed them to use the control they had of the device to trigger a second vulnerability.
"Crucially, the ASLR implementation is incomplete in Android 4.0.4, and does not cover Bionic (Android's linker) and /system/bin/app_process, which is responsible for starting applications on the device," said the team.
Other protections that would make exploitation harder were also found to be absent, according to the team. MWR Labs would not go into detail about the hacks until patches were available.
The MWR team won $30,000 for their hack.
In the same contest, Dutch security researchers hacked an iPhone 4S using a malicious web page that could send the phone's pictures, address books and browser history to a hacker's server by exploiting a vulnerability in Safari's WebKit engine.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
100 million Samsung Galaxy devices vulnerable to cryptographic key hackNews Widespread flaws in hardware-backed key management could enable hackers to bypass FIDO2 authentication
-
Researcher awarded $50,000 for discovering Samsung Galaxy S21 hackNews UK researcher Sam Thomas won the Pwn2Own bounty using a "unique three-bug chain"
-
Samsung to support enterprise devices with five years of Android updatesNews Samsung Galaxy S20, S21 and Note 20 series phones are among the devices set to benefit from extended support
-
Samsung Galaxy S10’s ultrasonic sensor fooled by fake fingerNews Samsung’s in-display fingerprint reader can be hacked ‘in 15 minutes’
-
Samsung laptops open to hackers after Windows Update disabledNews Security researchers warn of serious risks as Samsung overrides key security feature
-
Samsung to roll out security patch for keyboard vulnerabilityNews Bug exposing Galaxy smartphones to hackers will be squashed within coming days
-
Samsung denies Smart TV could eavesdrop on users' conversationsNews South Korean firm plays down reports of digital snooping, after privacy policy prompts alarm bells
-
Dell confirms malware on motherboardsNews Dell has shipped a small number of replacement motherboards containing a piece of malware.
