Info

Disclosure

Sep 19, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Samsung Galaxy S2 and Galaxy S3 phones contain a flaw in the Near Field Communication (NFC) functionality. When a malicious user's phone is within close proximity, almost touching the victim's phone, a crafted application can push a second malicious application to the other device. While this functionality is designed to share images, the Galaxy phones will take executables as well. Once the malicious application is pushed, it will be executed immediately without user interaction. This will grant the attacker user level privileges.

Classification

Location: Physical Access Required, Mobile Phone / Hand-held Device
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Private
Disclosure: Uncoordinated Disclosure

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Samsung Electronics Co., Ltd.	Galaxy S3	Unspecified
Samsung Electronics Co., Ltd.	Galaxy S2	Unspecified

References

Secunia Advisory ID: 50914
Related OSVDB ID: 86197
News Article: http://dvlabs.tippingpoint.com/blog/2012/10/05/eusecwest-mobile-pwn2own-2012-recap
http://www.computerworld.com/s/article/9231448/Galaxy_S3_hacked_via_NFC_at_Mobile_Pwn2Own_competition
http://www.securityweek.com/galaxy-s3-hacked-nfc-during-mobile-pwn2own
Other Advisory URL: http://labs.mwrinfosecurity.com/blog/2012/09/19/mobile-pwn2own-at-eusecwest-2012/
http://labs.mwrinfosecurity.com/blog/2012/09/19/mobile-pwn2own-at-eusecwest-2012/
Mail List Post: http://seclists.org/isn/2012/Sep/55
Vendor URL: http://www.samsung.com/global/galaxys3/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86083

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Samsung Electronics Co., Ltd.

Galaxy S3

Galaxy S2

References

Credit