Exploits over NFC

Is anyone aware of any attacks or exploits that are launched over NFC, whether that's now or in the past and patched? I’m just curious if any type of payload can be or has been delivered over it. Sometimes, if I show my implant to someone, and offer them to scan my implant (if they have an Android, I have it set to turn on a flashlight, just an easy demo to show people some of the things you can do with it) they get concerned that I’m going to hack their device somehow. I try and assure them that my implant certainly won’t, but I’ve never wanted to venture as far to say that ANY implant or NFC device won’t, because I simply do not know that to be the truth… my gut tells me no, but I have no evidence to back it up.

3 Likes

What if you write a URL to the implant that automatically downloads the payload?
Maybe put a meme on the page so you can act like you’re demoing the implant by showing a meme while the payload is downloaded?
I don’t have any experience with Android malware, only some Windows malware during a short class, but I think that would be the easiest way to accomplish it.

2 Likes

DT should organize NFC hackathons…
Wait! BIOHACKTHONS!

4 Likes

I went to a hackercon, with the intention to put a bounty out on my UID for one of my chips that opens my portable gun safe.

I’m not fully convinced you’re gonna sniff an implant credential anywhere near as easy as people claim.

Unfortunately it was a bit small, so I ditched the idea.

3 Likes

A brief Google search brings this article up at the top:

https://www.makeuseof.com/tag/drive-nfc-hack-work/

According to them there are ATM jackpotting attacks using NFC, first I’m hearing about it though.

It’s hard to exploit NFC because it’s near field, may be the applets that the chip uses. RFID has a bit larger range, if you have the needed antenna you can spoof its ID if you’re within 1m range.

I’m mainly concerned with an attack initiated with NFC, like sending you to a malicious link, could place a programmable NFC sticker in a public place and be like “hey! Scan me!”

This thing is called social engineering.

I think the NFC part is not really playing a role in this scenario. You could just as well write the URL on a wall with a pen or stick a QR code.

Where it might be interesting is sticking it on a spot where people usually put their phone down (like a restaurant table or a charging station) so they unintentionally scan it. But then again you probably can’t do much without actual user input to confirm the action. There might be some vulnerabilities to the Android NFC libraries where a hacky NDEF message could force an action but I have no evidence for that.

The link was more of an example, think more flash drive type attack: you scan, no user input, payload delivered. Was just curious if a vulnerability exists, or has existed and was patched, like a zero day or something. Had a friend ask if I could hack their phone with a tap, and no other user input, and I told them probably not, but I would check and report back. I couldn’t personally find anything on the googles, but I wanted to ask here before I told them “No, no one’s been able to do that”.

In that case opening a malicious link on an unlocked phone by getting an NFC tag nearby qualifies. It wouldn’t work 100% of the time, as some devices would ask what app to open it with or would have NFC turned off, but in some cases it would.

Not that I know of, but with more advanced chips with applets and stuff I’m sure someone will find a way.

1 Like

NFC used to be a vector when Android allowed NFC to be on even when the phone screen was off and locked… In theory you could walk up to any phone with a link on a malicious NFC transponder and tap it to the phone and it would literally launch the browser as soon as the user unlocked the phone, even if you tapped 5 minutes ago and walked away. They quickly closed that hole and now NFC is not really relevant as a unique vector… You still have to entice the user to open or tap or whatever.

1 Like
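
Several posts above describe a tag carrying a URL in an NDEF message. As an added example (not part of any post in this thread), this Python parser decodes the raw NDEF bytes read from a tag and lists each URI record together with whether its scheme is on an allowlist, so the content can be inspected before anything opens it. The sample bytes, the `review` helper and the allowlist are constructed for illustration; chunked records are rejected.

```python
import struct

# URI identifier codes (subset) from the NFC Forum URI record type definition.
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}

# Constructed sample: two short records, an https URI and a tel: URI.
SAMPLE = (bytes.fromhex("9101115504") + b"example.com/demo"
          + bytes.fromhex("5101085505") + b"5550100")

def parse_ndef(data):
    """Split a raw NDEF message into (tnf, type, payload) records."""
    records, pos = [], 0
    try:
        while pos < len(data):
            header, type_len = data[pos], data[pos + 1]
            pos += 2
            if header & 0x20:                  # CF: chunked payload
                raise ValueError("chunked records are rejected here")
            if header & 0x10:                  # SR: 1-byte payload length
                payload_len = data[pos]
                pos += 1
            else:                              # otherwise 4 bytes, big-endian
                payload_len = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            id_len = 0
            if header & 0x08:                  # IL: an ID length byte follows
                id_len = data[pos]
                pos += 1
            end = pos + type_len + id_len + payload_len
            if end > len(data):
                raise ValueError("record length runs past end of tag data")
            records.append((header & 0x07, data[pos:pos + type_len],
                            data[pos + type_len + id_len:end]))
            pos = end
            if header & 0x40:                  # ME: last record of the message
                break
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated NDEF record header") from exc
    return records

def review(data, allowed=("https",)):
    """Return (uri, scheme_allowed) for every well-known 'U' record."""
    out = []
    for tnf, rtype, payload in parse_ndef(data):
        if tnf == 0x01 and rtype == b"U" and payload:
            prefix = URI_PREFIXES.get(payload[0], "<prefix 0x%02x>" % payload[0])
            uri = prefix + payload[1:].decode("utf-8", "replace")
            out.append((uri, uri.split(":", 1)[0].lower() in allowed))
    return out
```

Prefix codes outside the subset are reported as `<prefix 0x..>` and never pass the allowlist, so an unrecognised abbreviation is surfaced rather than silently dropped.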