Steal Your Life Using 5 Cents: Hacking Android Smartphones with NFC Tags

Abstract: Nowadays privacy in the connected world is a big user's concern. The ubiquity of mobile devices permits billions of users browse the web at anytime, anywhere. Near Field Communication (NFC) appeared as a seamlessly and simply communication protocol between devices. Commercial services such as Android Pay, and Apple Pay offer contactless payment methods that are spreading in more and more scenarios. However, we take risks while using NFC on Android devices, we can be hacked, and our privacy can be affected. In this paper we study the current vulnerabilities in the NFC-Android ecosystem. We conduct a series of experiments and we expose that with NFC and Android devices are vulnerable to URL/URI spoofing, Bank/social network information hacking, and user's device tracking via fingerprint and geo-location. It is important for the community to understand the problem and come up solution that can tackle these issues and inform the users about privacy awareness and risks on using these contactless services.