Just like Bluetooth and Wi-Fi, near-field communication, aka NFC, has grown to become a commonality on modern-day smartphones.
The feature enables seamless data transfer and payments by allowing instant communication with compatible NFC-enabled devices in close proximity.
However, as it turns out, the same capability can also be leveraged by hackers for breaking into your phone.
Here’s all about it.
NFC file transfer bug on Android phones
Android smartphones featuring NFC use an internal Android OS service, called Android Beam, to transfer images, files, videos, or even apps, to phones having the same feature.
The transfer happens by way of radio waves, but according to a security researcher named Y. Shafranovich, there is also a bug in this capability that allows hackers to deliver dangerous malware on smartphones.
How it can be used to deliver malware?
Normally, when you receive an APK via NFC beaming, the phone shows a notification asking the user to decide whether they want to install the app from unknown sources.
However, Shafranovich found that phones running Android 8.0 and later didn’t show this prompt and downloaded the app as soon as it’s received.
This, he said, opened a way to secretly deliver malware on phones.
Malware could be used to steal files, use phone’s features
If a hacker manages to deliver malware using this vulnerability, they could theoretically do anything on your phone.
They could, for instance, monitor your smartphone activity, steal personal data like images and videos, or even control features, like Messages and Phone, remotely.
And, the worst part is, you won’t even realize when they would breach your phone.
Google patched the issue with October security update
As the issue posed a major security threat, Google quickly acknowledged Shafranovich’s report and issued a patch for the bug with the October 2019 security update.
The company has not commented on the matter, but if you want to keep your phone and its data safe, better update the device and keep NFC and Android Beam off.