
Hacking Android Smartphones with NFC Tags - lainon
https://arxiv.org/abs/1705.02081
======
jbob2000
Ehhh, this is kinda dumb. There isn't a vulnerability in NFC per se, just that
you can encode NFC tags with malicious URLs. If the user isn't paying
attention, they might get served with a phishing page, or a page that scrapes
the user's location. QR codes would have the same vulnerability. This isn't an
NFC problem, this is a social engineering problem - don't scan tags you don't
trust, just like you shouldn't open up emails you don't trust.

~~~
fenwick67
There are a couple of differences:

1. Scanning a QR tag and going to the URL requires the user to open a QR
reading app at minimum. NFC scanning runs in the background.

2. QR codes are visible to humans, whereas you can put an NFC tag in
anything, and can spoof it from at least centimeters away.

3. The contact info vulnerability, which isn't just opening a URL, seems
really bad, as it adds stuff to your contacts without asking.

~~~
NeutronBoy
For NFC to work your screen has to be on - you can't hijack a phone in
someone's pocket.

~~~
waltwalther
Just tested this with my N6 - confirmed.

