SSC 315 ICT AND CRIME
docx
keyboard_arrow_up
School
Kenyatta University *
*We aren’t endorsed by this school
Course
355
Subject
Information Systems
Date
Nov 24, 2024
Type
docx
Pages
7
Uploaded by AmbassadorGoose3053
1
NFC-Based Smartphone Hijacking: Unveiling Security Risks and Solutions
Kenyatta University
Department Of Security, Peace and Diplomacy
SSC 315: ICT AND CRIME
Conrod
13/11/2023
2
NFC-Based Smartphone Hijacking: Unveiling Security Risks and Solutions
Introduction
The revelation of a skilled hacker exploiting Near Field Communication (NFC) to hijack
smartphones raises concerns about mobile device security, particularly on the Android
platform. This analysis delves into core security goals, conducts an in-depth attack analysis,
and explores relevant controls. Drawing on existing research and industry practices, effective
countermeasures are proposed to mitigate vulnerabilities. Emphasizing the importance of
NFC security, this examination underscores the need for proactive measures in safeguarding
mobile devices against potential threats.
Security Goal
Confidentiality:
A significant repercussion of the NFC-based attack lies in the potential compromise of
confidentiality. Studies indicate that despite encryption in NFC transactions, there exists a
vulnerability to eavesdropping. It is crucial to implement end-to-end encryption for NFC
communications as a robust measure to fortify confidentiality (Tu et al., 2020). This step is
essential to safeguard sensitive user data and prevent unauthorized access.
Integrity:
The attack's success in compelling handsets to access malicious websites that exploit known
vulnerabilities in Android underscores a breach in system integrity. Research emphasizes the
importance of integrity checks on NFC data to guarantee that transmitted information remains
untampered (Stoyanova et al., 2020). Strengthening the integrity of NFC interactions can be
achieved through the implementation of cryptographic measures and mechanisms for
verifying integrity. These security measures are crucial to maintaining the trustworthiness and
3
reliability of NFC-based systems, preventing unauthorized alterations to the transmitted data
and ensuring the overall integrity of the system.
Availability:
The inherent setting in Android that automatically accesses weblinks or opens files received
on the device poses a vulnerability to potential denial-of-service attacks, jeopardizing the
device's availability. Studies propose the incorporation of user-configurable settings,
empowering users to decide whether to activate automatic actions (Omolara et al., 2022).
This approach strikes a delicate equilibrium between user convenience and security,
providing individuals with the flexibility to tailor their settings based on their preferences
while concurrently fortifying the device against potential disruptions to availability.
Attack Analysis
The default configuration within the Android operating system, which automatically opens
weblinks or files upon reception, creates a potential vulnerability susceptible to denial-of-
service attacks, thereby threatening the device's availability. Considering extensive research,
it is recommended to integrate user-configurable settings into the system. These settings
would grant users the autonomy to determine whether to enable or disable automatic actions.
This strategic approach seeks to strike a nuanced balance between optimizing user experience
and maintaining robust security measures (Omolara et al., 2022). By empowering individuals
to make choices aligned with their preferences, this approach addresses concerns related to
automatic actions, mitigating potential risks associated with denial-of-service attacks. It is
pivotal to recognize the significance of offering users’ flexibility while concurrently
bolstering the device's resilience against disruptions to availability.
In this context, scholars argue that a thoughtful and user-centric design, wherein individuals
can customize their settings, is integral to achieving a harmonious coexistence of user
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
convenience and security imperatives. The incorporation of user-configurable settings,
allowing users to exercise control over the automatic execution of actions, is viewed as a
progressive step towards enhancing the overall security posture of Android devices. Through
this approach, users are not only afforded the freedom to tailor their preferences but also
actively contribute to the safeguarding of their devices against potential threats to availability,
thereby fostering a more secure and user-friendly technological environment.
The utilization of established weaknesses in Android via malicious websites accentuates the
critical need for prompt software updates. Studies consistently stress the necessity for
frequent security patches and updates to rectify identified vulnerabilities. This proactive
approach is essential to thwart potential attackers from capitalizing on system weaknesses.
Regular and timely software updates play a pivotal role in fortifying the Android operating
system, acting as a deterrent against the exploitation of known vulnerabilities and
contributing significantly to the overall resilience of the system.
Control Types
Preventive Controls:
To diminish the susceptibility to NFC-based attacks, it is imperative to establish robust
preventive controls. Studies propose the vigorous adoption of secure coding practices,
encompassing measures such as input validation and output encoding, within both the
Android operating system and web applications (Bhatti et al., 2022). This comprehensive
approach significantly diminishes the probability of successful exploits. Furthermore, the
implementation of stringent access controls for NFC interactions serves as an effective
deterrent against unauthorized commands, contributing to a more secure environment.
Detective Controls:
5
The incorporation of detective controls plays a pivotal role in the swift identification and
response to security incidents. Research advocates for the deployment of intrusion detection
systems (IDS) and anomaly detection mechanisms to discern irregular patterns of behavior
associated with NFC interactions. Through continuous monitoring, these detective controls
facilitate the early detection and response to potential threats. This proactive stance not only
bolsters the overall security posture but also enables a rapid and targeted response to security
incidents, minimizing the potential impact of malicious activities on NFC-based systems.
Corrective Controls:
Following a security breach, the implementation of corrective controls becomes imperative to
restore the system to a secure state. Scholars stress the significance of incident response
plans, which should include comprehensive forensic analysis to pinpoint the root cause of the
breach. Swift actions, such as timely patching of vulnerabilities and the removal of malicious
code, are pivotal corrective measures that contribute to the system's recovery and future
resilience against similar threats.
Security Awareness Training:
The integral role of user awareness in preserving the security of mobile devices is
consistently emphasized in research. Effectual security awareness training is designed to
educate users about the potential risks associated with NFC interactions, underscoring the
importance of verifying weblinks and files before opening them. Users who are well-
informed are less susceptible to falling victim to social engineering tactics. A comprehensive
security awareness program enhances user vigilance and fosters a security-conscious culture,
empowering individuals to actively contribute to the protection of mobile devices against
potential threats arising from NFC-based vulnerabilities.
Conclusion
6
The recent demonstration of smartphone hijacking through NFC technology underscores the
dynamic nature of cybersecurity threats facing mobile devices (Ayoub Si-Ahmed et al.,
2023). Security goals such as confidentiality, integrity, and availability must be addressed
through a combination of preventive, detective, and corrective controls. Research provides
valuable insights into the vulnerabilities associated with NFC technology and offers practical
recommendations to enhance security.
Balancing user convenience with security remains an ongoing challenge, necessitating
collaborative efforts from operating system developers, device manufacturers, and end-users.
As smartphones continue to play an integral role in our daily lives, ongoing research and
development in cybersecurity are crucial to staying ahead of evolving threats and
safeguarding user data. The proposed countermeasures, informed by existing research, serve
as a foundation for enhancing the resilience and security of mobile ecosystems against NFC-
based attacks.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
7
References
Ayoub Si-Ahmed, Mohammed Ali Al-Garadi, & Narhimene Boustia. (2023). Survey of Machine Learning based intrusion detection methods for Internet of Medical Things. Applied Soft Computing
, 140
, 110227–110227. https://doi.org/10.1016/j.asoc.2023.110227
Bhatti, D. S., Saleem, S., Imran, A., Iqbal, Z., Alzahrani, A., Kim, H., & Kim, K.-I. (2022). A Survey
on Wireless Wearable Body Area Networks: A Perspective of Technology and Economy. Sensors
, 22
(20), 7722. https://doi.org/10.3390/s22207722
Omolara, A. E., Alabdulatif, A., Abiodun, O. I., Alawida, M., Alabdulatif, A., Alshoura, W. H., & Arshad, H. (2022). The internet of things security: A survey encompassing unexplored areas and new insights. Computers & Security
, 112
, 102494. https://doi.org/10.1016/j.cose.2021.102494
Stoyanova, M., Nikoloudakis, Y., Panagiotakis, S., Pallis, E., & Markakis, E. K. (2020). A Survey on
the Internet of Things (IoT) Forensics: Challenges, Approaches and Open Issues. IEEE Communications Surveys & Tutorials
, 22
(2), 1–1. https://doi.org/10.1109/comst.2019.2962586
Tu, Y.-J., Zhou, W., & Piramuthu, S. (2020). Critical risk considerations in auto-ID security: Barcode vs. RFID. Decision Support Systems
, 113471. https://doi.org/10.1016/j.dss.2020.113471