NFC hack gives free ticket to ride
Here’s another NFC (near-field communication) related development that caught my eye for Android. Sophos is reporting on an NFC hack that enables free access to certain US train systems.
Lisa Vaas, on the company’s Naked Security blog, reports on security researchers demonstrating their findings at the EUSecWest security conference in Amsterdam. They have shown how NFC Android smartphones can repeatedly update their fare card information for free.
The researchers said that their application take advantage of a flaw found in some NFC-based cards that rely on Mifare Ultralight chips, used in disposable, contactless NFC cards.
The issue comes from the Ultralight cards’ counters, which are trivial to rewrite if you know what you’re doing, Benninger said.
The application is called UltraReset and works on Android 2.3.3. You can watch this in action in the video below, where a user demonstrates his freshly replenished electronic carnet of tickets. No, the app is not being made available.
On the topic of NFC, rather more tangentially, here is another security-related story to note, though this time affecting end-user data…
The Register is reporting that a hacker has demonstrated at the “Ekoparty 2012″ event how a Web page can cause the reset of certain Samsong phones to Factory Default, which could be triggered by a rogue NFC tag…
Bill Ray writes:
The devastating flaw lies in Samsung’s dialling software, triggered by the tel protocol in a URL. It isn’t applicable to all the company’s Android handsets, but those that are vulnerable can have their PIN changed or be wiped completely just by visiting a web page or snapping a bad QR code, or even bonking up against the wrong wireless NFC tag.