Android bug let hackers spread malware by tapping your phone
Google has patched an Android bug which allowed hackers to propagate malware through Near-Field Communications (NFC) technology, ZDNet reports.
NFC beaming is a feature in Android which allows users to send data to nearby devices through NFC technology – similar to Bluetooth, but over a much shorter distance (4 cm).
When receiving files through NFC beaming, the user’s device is meant to show a notification which asks the user to confirm whether they want to receive the files.
However, security researchers learned in January that Android 8 or later did not display this prompt for data sent via NFC beaming, allowing apps to be installed with a single tap.
How it works
Usually, installing apps on Android from outside the Play Store requires the user to enable the “install apps from unknown sources” feature.
However, from Android 8 onward, this feature switched from being system-wide to being app-specific – which meant that users could choose which of their apps could install other apps without being blocked.
The Android NFC beaming app was automatically whitelisted, which allowed malicious parties to use the technology to transmit malware to nearby devices without a prompt being shown.
Google patched this issue in October 2019, but users who haven’t updated their devices are still at risk. Users can also disable Android Beam and NFC to ensure that they are not affected by the exploit.
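For administrators checking which devices still need the update, the following added example (not from the original article or from Google) classifies a device from its API level and security patch level. It assumes the October 2019 fix corresponds to a patch level of 2019-10 or later; the function names and the inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify exposure to the NFC beaming issue from two values.
# Assumption: the October 2019 fix is reflected by a security patch level
# of 2019-10 or later (patch levels are formatted YYYY-MM-DD).

beam_exposure() {
    sdk=$1
    patch=$2
    # Reject anything that is not a number and a YYYY-MM-DD date.
    case $sdk in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # Android 8.0 is API level 26; older releases use the system-wide setting.
    if [ "$sdk" -lt 26 ]; then echo not-affected-version; return 0; fi
    # Compare the YYYYMM part of the patch level against 201910.
    ym=$(echo "$patch" | cut -c1-4)$(echo "$patch" | cut -c6-7)
    if [ "$ym" -ge 201910 ]; then echo patched; else echo exposed; fi
}

# Read both properties from a device attached over adb (not called here).
check_attached_device() {
    sdk=$(adb shell getprop ro.build.version.sdk | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    beam_exposure "$sdk" "$patch"
}

# Constructed inventory: device label, API level, security patch level.
triage_inventory() {
    while read -r name sdk patch; do
        if [ -n "$name" ]; then
            echo "$name $(beam_exposure "$sdk" "$patch")"
        fi
    done <<'EOF'
kiosk-01 25 2017-08-01
tablet-07 28 2019-09-05
phone-12 29 2019-10-01
scanner-03 27 unknown
EOF
}

triage_inventory
```

Devices reported as `exposed` are the ones where, per the article, updating or disabling Android Beam and NFC applies.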