back to article Pay-by-bonk chip lets hackers pop all your favourite phones

Blood is flowing on the floor of the Pwn2Own challenge slaughterhouse, after whitehats hacked their way through an Apple iPhone 5S, Samsung Galaxy S5, LG Nexus 5 and Amazon Fire, most often by using Near Field Communications. The annual contest backed by HP, BlackBerry and Google, and run by HP's Zero Day Initiative …

  1. P. Lee

    Adam Laurie

    Did he just portal into the device?

  2. big_D Silver badge

    iPhone 6?

    If NFC attacks were so popular at the event, why wasn't there an NFC enabled iPhone in the mix? Seems a bit odd that they used an outdated device.

    1. Steve Davies 3 Silver badge

      Re: iPhone 6?

      don't you mean

      Seems a bit odd that they didn't use such an outdated device viz, the iPhone 6

    2. Anonymous Coward
      Anonymous Coward

      Re: iPhone 6?

      "Seems a bit odd that they used an outdated device."

      I'd suggest they generally choose the latest phones purely for the PR value. In reality the problem of device insecurity is greatest for all the devices out in the field in their millions and long since "unsupported" by their makers, and it is a pity that the competition didn't look at those. For example there's about four times the number of Galaxy S3 in use compared to S5, I'd guess other makes have similar situations.

      If makers were embarrassed about the problems on models they'd decided to abandon, then we might see a better approach to supporting older devices.

      1. Larry Ellinson

        Re: iPhone 6?

        Not just the makers - you'd need the networks to play ball and deliver the updates too. Of course they'd much rather upgrade your phone and extend your contract instead. Security vulnerabilities on older phones aren't a problem - they're an upsell opportunity.

  3. Scott Broukell


    I do believe I recently heard mention of Sweden's intention to become the first 'Cashless' country. I do hope the folks in charge there are taking serious note of issues regarding NFC and other such technologies. I'm off now to count the groats in the pot I buried in the garden.

  4. John Lilburne

    Did anyone see any ...

    News International journos in the place?

  5. Anonymous Coward
    Anonymous Coward


    "Pay-by-bonk chip lets hackers pop all your favourite phones "

    So does 'Near Field Communications' mean Bluetooth?

    I'm gonna have to switch that on again? not used it for years.

    why cant we wave the phone at the Pay-by-bonk station and then type a PIN in? Not that that would stop any af these hacks, just grunbling about basic effortless security procedures being thrown out the window.

  6. Yugguy

    Don't enable them

    I have disabled NFC, SBeam, DLNA and any other pointless bollocks that drains my battery and allows connection.

    I enable bluetooth for connecting to the Parrot in my car.


    1. Mike Flugennock
      Thumb Up

      Re: Don't enable them

      I disabled wifi on my 4S after Apple tried to shove the infamous battery-killing version of IOS7 off on me. I managed to get rid of the update payload itself, but I've still got the goddamn' installer nugget stinking up my phone.

  7. Lee D Silver badge

    I disable anything that looks like radio, unless I'm using a radio device of that kind.

    I don't disable 3G, but if you're not using Bluetooth, NFC, wireless etc. then why would you want them turned on anyway? For the same reason, I turn off Wifi on the ISP-supplied routers and use my own behind it.

    I bought S4 minis for myself and my girlfriend. First thing I did - went through, turned all that stuff off (including S-Beam and DLNA and whatever else). Neither of us have missed it. We can turn on Bluetooth if we want to use a headset. We've had no cause to turn either of them on or off more than a couple of times each in the last six months. And NFC only got turned on because I was showing her how you can read info off NFC cards.

    1. Thecowking

      I leave them all enabled because I use them.

      Bluetooth is on when I leave my office so it pairs with my headphones.

      NFC is combined with tasker to switch the state of my devices automagically when I put them down in different rooms. NFC stickers are pennies and it's an easy way to set your phone to a profile suitable for the room you're in

      Wifi is always on because I'd rather use that radio than 3G because it's much lower latency for web.

      3g is on because I can't always get Wifi.

      Yes, there's a potential for attack in all these channels, no it doesn't bother me. There's risk in every activity, if you're aware of it and plan accordingly, there's no reason not to partake. I really love the capabilities of newer devices, I use them and they make a lot of things in my life a little easier, a little faster or a little more capable.

      Sure it's not in everyone's risk appetite, but it is in mine. For me the pay off far outweighs the risk. Not everything is, I won't use a credit card in the US any more for example. (not until they get chip and pin at least)

  8. Anonymous Coward
    Anonymous Coward

    Just use an app

    Have an Android and found an app on the store called "Phone Schedule". Turns off and on all the relevant radio's when I need them but my routine is fairly predictable, so this works fine for me (but probably not useful to a lot of other people). Everything else that can be turned off that I do not need or use, is turned off. Does this make it safe to use the phone in public? Doubt it as there is bound to be some other issue / part / bit / thingy (real IT phrase), that allows the hackers to get in. Do what we can and hope for the best.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like