FORUMS
Remove All Ads from XDA

NFC while phone locked: what's the actual danger?

268 posts
Thanks Meter: 106
 
By zequav, Senior Member on 11th November 2012, 03:51 PM
Post Reply Email Thread
I was wondering (like many did before me, it seems) why the hell I needed to unlock my phone to change profiles by NFC, when it's way more convenient to simply touch my trouser pocket with the NFC token I have in my car to toggle +bluetooth/+data/-wifi, or simply leave the phone over the NFC sticker on my desk I when I arrive at work to do the opposite (-bluetooth/-data/+wifi).

I searched gerrit in case anyone was working on it and saw this:

http://review.cyanogenmod.org/#/c/21785/

so we won't see it in CM, it seems

Now, what's the worse thing that could happen if NFC is enabled at all times? When I swipe an unknown NFC tag the phone does nothing (besides telling me).

I decided to compile my own CM10 KANGs from now on with a patched NfcService.java (running great right now), but I'd like to know of any vulnerability I might have overlooked.
11th November 2012, 04:04 PM |#2  
adrynalyne's Avatar
Inactive Recognized Developer
Thanks Meter: 6,568
 
More
Quote:
Originally Posted by zequav

I was wondering (like many did before me, it seems) why the hell I needed to unlock my phone to change profiles by NFC, when it's way more convenient to simply touch my trouser pocket with the NFC token I have in my car to toggle +bluetooth/+data/-wifi, or simply leave the phone over the NFC sticker on my desk I when I arrive at work to do the opposite (-bluetooth/-data/+wifi).

I searched gerrit in case anyone was working on it and saw this:

http://review.cyanogenmod.org/#/c/21785/

so we won't see it in CM, it seems

Now, what's the worse thing that could happen if NFC is enabled at all times? When I swipe an unknown NFC tag the phone does nothing (besides telling me).

I decided to compile my own CM10 KANGs from now on with a patched NfcService.java (running great right now), but I'd like to know of any vulnerability I might have overlooked.


Someone steals your phone and drains the cards using Google Wallet?

Just a guess.
11th November 2012, 04:27 PM |#3  
zequav's Avatar
OP Senior Member
Thanks Meter: 106
 
More
Quote:
Originally Posted by adrynalyne

Someone steals your phone and drains the cards using Google Wallet?

Just a guess.

If someone steals my phone they will be able to unlock it and use google wallet anyway if I set my profile lock screen to "unsecure", which would be no different than setting NFC to "always".
11th November 2012, 06:51 PM |#4  
altimax98's Avatar
Senior Member
Flag Florida
Thanks Meter: 677
 
More
Google wallet wouldn't be an issue since it requires a Pin number to unlock it to use it. I would worry more about battery drain and rouge apps. Someone could in theory bump upload an app and run it. Other then that I don't know.
11th November 2012, 07:36 PM |#5  
Senior Member
Thanks Meter: 374
 
More
Pretty sure the dude trying to NFC harmful stuff to your phone will have to dry hump you first to get close enough
11th November 2012, 07:51 PM |#6  
Senior Member
Thanks Meter: 37
 
More
Proximity is somewhat an issue, however there are some places where such activity might go completely unnoticed (packed subway or train as examples.)

Also, if NFC being always on becomes a "normal" thing, or at least expected on some level, it won't take long for better methods of exploiting it to be developed.
11th November 2012, 08:29 PM |#7  
Senior Member
London
Thanks Meter: 21
 
More
Irotsoma made a mod for NFC screen off/locked, it's further down on this board if anyone wants it

Sent from my Galaxy Nexus using xda premium
11th November 2012, 10:29 PM |#8  
Senior Member
Thanks Meter: 257
 
More
Quote:
Originally Posted by Schiehallion

Irotsoma made a mod for NFC screen off/locked, it's further down on this board if anyone wants it

Sent from my Galaxy Nexus using xda premium

Nothing to add except nice user name this irotsoma

Sent from my Galaxy Nexus using Xparent ICS Tapatalk 2
12th November 2012, 10:05 AM |#9  
zequav's Avatar
OP Senior Member
Thanks Meter: 106
 
More
So no real danger if you're not paranoid, then. Good to know. A pity we won't have it in CM; I don't see any problem if it's off by default and there is a warning when you enable it.

Quote:
Originally Posted by Schiehallion

Irotsoma made a mod for NFC screen off/locked, it's further down on this board if anyone wants it

I usually don't trust random_guy's apks. I'd rather compile it myself. The patch is simple:

Code:
diff --git a/src/com/android/nfc/NfcService.java b/src/com/android/nfc/NfcService.java
index 06642f7..793cc28 100755
--- a/src/com/android/nfc/NfcService.java
+++ b/src/com/android/nfc/NfcService.java
@@ -132,7 +132,7 @@ public class NfcService extends Application implements DeviceHostListener {
     static final int ROUTE_ON_WHEN_SCREEN_ON = 2;
 
     /** minimum screen state that enables NFC polling (discovery) */
-    static final int POLLING_MODE = SCREEN_STATE_ON_UNLOCKED;
+    static final int POLLING_MODE = SCREEN_STATE_OFF;
 
     // for use with playSound()
     public static final int SOUND_START = 0;
12th November 2012, 04:44 PM |#10  
Senior Member
Thanks Meter: 111
 
More
Some dudes have already used NFC to gain access to a locked gs3 and and upload a trojan automatically and then they have full control of the phone and can have u call premium numbers or whatever the hell they want. So yes there is danger just not likely ATM but in a couple years who knows. When Trojans first came to PCs u didn't really have to worry about it but now u have skids running rampant and I wouldn't be surprised if that happened to android.

Sent from my Galaxy Nexus using xda app-developers app
12th November 2012, 08:16 PM |#11  
Senior Member
Thanks Meter: 374
 
More
Quote:
Originally Posted by squidder

Some dudes have already used NFC to gain access to a locked gs3 and and upload a trojan automatically and then they have full control of the phone and can have u call premium numbers or whatever the hell they want. So yes there is danger just not likely ATM but in a couple years who knows. When Trojans first came to PCs u didn't really have to worry about it but now u have skids running rampant and I wouldn't be surprised if that happened to android.

Sent from my Galaxy Nexus using xda app-developers app

In a controlled environment. Maybe if your live in New York and frequent the subways and stuff (ie: environments where people get packed together) you have a slight chance of it happening. If you are in those situations, turn NFC off. Otherwise, NFC has a working range of a couple cm's, so in all other cases the guy trying to trojan you will have to get so close that you'll be wondering what the hell he's trying to do.
Post Reply Subscribe to Thread

Tags
nfc

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes