[quote]He discovered that the default setting in Android Beam forces a handset to visit any weblink or open any file sent to it.[/quote]
Who thought this was a good idea?
[quote]He discovered that the default setting in Android Beam forces a handset to visit any weblink or open any file sent to it. Via this route he forced handsets to visit websites that ran code written to exploit known vulnerabilities in Android.[/quote]
Get fired. Seriously.
I am happy to know that I'm not the only one that saw this coming from a mile away.
[QUOTE=Amiga OS;36958971]Unless you have someone face to face with you rubbing their phone around yours, this will not work.
Android Beam with a confirmation message would negate the entire point of it, its a quick action to share files without dicking around.[/QUOTE]
Well apparently he didn't need that from the wording of the article. Just a stronger nfc radio.
[QUOTE=Amiga OS;36958971]Unless you have someone face to face with you rubbing their phone around yours, this will not work.
Android Beam with a confirmation message would negate the entire point of it, its a quick action to share files without dicking around.[/QUOTE]
Something like a bluetooth pairing system could be more safe.
[QUOTE=Sir Whoopsalot;36958715]Who thought this was a good idea?[/QUOTE]
Someone who figured that if you physically poke phones together that you must trust the other person more than not at all.
[editline]27th July 2012[/editline]
[QUOTE=wraithcat;36959151]Well apparently he didn't need that from the wording of the article. Just a stronger nfc radio.[/QUOTE]
A little difficult to see that coming, to be fair, especially considering that he literally has to go out of his way to do it, and Android Beam has to be turned on anyway (something that is off by default, I think, i forgot)
[editline]27th July 2012[/editline]
Also there IS a confirmation, at least that's what the android beam thingie says, hold on I'll upload a picture of the screen.
[editline]27th July 2012[/editline]
[img]http://i.imgur.com/capr0.png[/img]
It says you need to tap your screen, so unless his radio is able to do that...I dunno about this.
[QUOTE=Amiga OS;36958971]Unless you have someone face to face with you rubbing their phone around yours, this will not work.
Android Beam with a confirmation message would negate the entire point of it, its a quick action to share files without dicking around.[/QUOTE]
This assumes that the system is being used normally and in good taste.
[QUOTE=Clementine;36959432]Someone who figured that if you physically poke phones together that you must trust the other person more than not at all.
[editline]27th July 2012[/editline]
A little difficult to see that coming, to be fair, especially considering that he literally has to go out of his way to do it, and Android Beam has to be turned on anyway (something that is off by default, I think, i forgot)
[editline]27th July 2012[/editline]
Also there IS a confirmation, at least that's what the android beam thingie says, hold on I'll upload a picture of the screen.
[editline]27th July 2012[/editline]
[img]http://i.imgur.com/capr0.png[/img]
It says you need to tap your screen, so unless his radio is able to do that...I dunno about this.[/QUOTE]
Woops didn't mean to rate dumb, sorry.
You have to tap whatever you want to send through NFC, his radio just sends the same signals over and over.
Damn blackhats.
I guess that the guy would get a crazy amount of money from Google if he told them their security hole too, so why being a bitch hijacking peoples cards?
Sorry, you need to Log In to post a reply to this thread.