Android bug lets hackers plant malware via NFC beaming

[silversurfer]

Content source

https://www.zdnet.com/article/android-bug-lets-hackers-plant-malware-via-nfc-beaming/

Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming.
NFC beaming works via an internal Android OS service known as Android Beam. This service allows an Android device to send data such as images, files, videos, or even apps, to another nearby device using NFC (Near-Field Communication) radio waves, as an alternative to WiFi or Bluetooth.

The October 2019 Android patches removed the Android Beam service from the OS whitelist of trusted sources.
However, many millions of users remain at risk. If users have the NFC service and the Android Beam service enabled, a nearby attacker could plant malware (malicious apps) on their phones.

Android bug lets hackers plant malware via NFC beaming

All Android 8 (Oreo) or later devices are impacted. Google released a patch last month, in October 2019.

www.zdnet.com

 

[boutthatlife]

Good luck getting that patch if you got a budget android.

 

[upnorth]

Good luck getting that patch if you got a budget android.

I agree, but the positive about this nasty bug is that it only works if an attacker is close to your phone, real close!

4 cm (1.5 inches) or smaller

And it's also possible to protect oneself by simply disable NFC and the Android Beam service, or just the Android Beam.

any user can disable both the NFC feature and the Android Beam service. If they use their Android phones as access cards, or as a contactless payment solutions, they can leave NFC enabled, but disable the Android Beam service -- see image below. This blocks NFC file beaming, but still allows other NFC operations.

Spoiler

On my Huawei P20 Pro, Android Beam is called Huawei Beam. Easy disabled with a click.