Tag Archives: NFC

(Credit: iStockphoto)

New cyberthreats that will emerge in 2014 include the use of Internet-connected devices to carry out physical crimes, including murders, and cybercriminals leveraging mobile-device Near Field Communications (NFC) to wreak havoc with banking and e-commerce, predicts IID (Internet Identity, a provider of technology and services that help organizations secure their Internet presence,

With nearly every device, from healthcare to transportation, being controlled or communicated with in some way via the Internet, IID predicts that criminals will leverage this to carry out murders.

Examples include a pacemaker that can be tuned remotely, an Internet-connected car that can have its control systems altered, or an IV drip that can be shut off with a click of a mouse.

“With so many devices being Internet connected, it makes murdering people remotely relatively simple, at least from a technical perspective.  That’s horrifying,” said IID president and CTO Rod Rasmussen. “Killings can be carried out with a significantly lower chance of getting caught, much less convicted, and if human history shows us anything, if you can find a new way to kill, it will be eventually be used.”

NFC dangers

By 2014, Juniper Research predicts, almost 300 million (one in five) smartphones worldwide will be NFC-enabled, and Global NFC transactions will total almost $50 billion. NFC is a set of smartphone standards that enables everything from payments to unlocking of hotel room doors to automatic peer-to-peer information exchange between two devices placed closely together. IID predicts that while the underlying technology in NFC is secure, almost all of the applications that will be written to interface with the technology will be riddled with security holes, and massive losses will ensue.

“The amount of banking and point of sale e-commerce apps that are being developed utilizing NFC is astronomical,” said IID Vice President of Threat Intelligence Paul Ferguson. “This is a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money.”

Other cybersecurity trends IID predicts for 2014 include:

  • A large increase of government-sanctioned malware targeting other government institutions around the globe, with nation states openly engaging in acts of cyber-espionage and sabotage
  • At least one successful penetration of a major infrastructure component like a power grid that results in billions of dollars in damage
  • An exploit of a significant military assault system like drones that result in real-world consequences

Intelligence sharing network

However, IID predicts a strong response in the form of an intelligence sharing network that will alert participating companies, government institutions, and more about the latest cybercrime attacks.

Currently, government agencies lack clear guidance about the rules of engagement for sharing, and enterprises are worried about the potential liabilities created by intelligence sharing. IID expects that Congress will enact new cybersecurity legislation that provides safe harbor protections enabling enterprises and government institutions to share intelligence without such fears in the coming months.

Murder by Internet | KurzweilAI.

Sometimes a word or sentence is enough to destroy friendships and relationships. In computing, pressing Y instead of N can create a nightmare for even the most experienced IT Pro. So it would be very frustrating if Samsung allowed a single line of code to be remotely executed, wiping your near full Galaxy S III, wouldn’t it?

Security researchers have discovered that one line of code is all it takes to start an unstoppable factory-reset of the S III, opening the possibilities for malicious websites to completely wipe the handset, restoring it to it’s out of the box experience.

Ravi Borgaonkar showed the hack at the Ekoparty security conference with a simple USSD code. He said that the code could be sent from a website, pushed to the handset by NFC or triggered by a QR code. And it’s not just the Galaxy S III that’s affected; other Samsung handsets are affected too!

The user will see the process taking place, but hitting back won’t stop the reset. The same applies to the QR codes and NFC tags; no warning and no hope of stopping it. And in a double whammy attack, a simple USSD code could be used to kill the SIM, leaving the user with a very expensive PDA.

Samsung devices running TouchWiz devices are all affected; vanilla Android OS installs will not automatically dial the code, leaving the user to intervene at the last moment. But guess what? Samsung’s default setting is to dial the code automatically.

The code has been tested on the Galaxy Beam, S Advance, Galaxy Ace, and Galaxy S II. The Samsung-made Galaxy Nexus, which runs stock Android, has dodged a bullet as is not vulnerable.

Samsung Galaxy S III remote reset exploit discovered – Neowin.