Hacker accesses data on Android phones

Black Hat conference reveals weakness in technology for virtual wallets

By Jane McFadyen

A professional hacker has developed a way to access smartphones in order to steal data from the devices.

Charlie Miller, principal research consultant at Accuvant Labs, demonstrated his work to attendees at the Black Hat hacker conference in Las Vegas.

Miller uses Near Field Communication (NFC) radio technology to program smartphones to visit websites that are loaded with software that can extract data held on the phone.

NFC is a short-range radio signal that is installed on smartphones that allows the handsets to be used as virtual wallets or e-tickets.  They work when they are brought into close proximity to similar devices or a chip reader.

Miller’s work focuses on Android phones that use the ‘Android Beam’ to exchange data between phones. He discovered that he could hack into the beam to control the phone’s browser, sending it to web pages containing the attack software.

During his demonstration, Miller used the Samsung Nexus S, the Google Galaxy Nexus and the Nokia N9 to illustrate his findings. On the Nokia phone alone he was able to make it send texts and make calls.

The Black Hat is an annual gathering of experts who come together to share their research into the field of information security.