Search the Community
Showing results for tags 'nfc'.
Ladies and Gentlemen, I would like to direct your attention to our Proxmark3 Rdv40 Kickstarter! If any of you are in to contact or contactless card security research, I strongly recommend you check this out. We are already funded and production is waiting on the green light. The team (including myself) have years of experience in the industry and believe we have produced the best proxmark available on the market. The public repo is here - https://github.com/Proxmark/proxmark3 The popular iceman fork is here - https://github.com/iceman1001/proxmark3
So I was recently looking into NFC and how cool it is to read/write to a tag to be able to use it to control your phone, clone a card (don't do dis - illegal) and other cool stuff and I thought about making a payload that installs an app on an Android (can use HID if you wanted to..) phone then runs the app in the background. What this app does is it waits to read an NFC tag which then executes a command. The command is stored on the NFC tag itself (so you install the app on the phone and come back later with your NFC tags to do all your fancy work). Works, basically, (dare I say it..) like a 'Powershell agent'. You could make like 10 different tags that can do different things on the phone. You only have to brush the tags near the phone for the phone to execute the commands. Commands could be: - Send an SMS to yourself (phone number is stored on NFC tag so it won't be stored on the phone itself) with phone data - Call someone (prank call but..you pranked the actual call itself) - Open a webpage and download a file - Download an app from the app store - Add a contact (dunno why..) - Execute a Linux command (requires rooted Android) - Enable hotspot with specified password (you could use their data..more of an annoyance than anything else - would need rooted device to change the password) - Enable Bluetooth/WiFi - Change the volume of the device (shoot it up, make it silent..) - Make it vibrate for the next 10 minutes (That would be hilarious) - Make it start randomly ringing - Add a huge number of alarms that go off every minute/hour - Enable hotspot and start a server so that you could join it and remotely manage files/apps/settings (includes starting an ADB server...oooooooo..) Possibilities are endless... Just an idea. Installing the app from the Bash Bunny onto the device is the tricky part.
I feel as though this should be a discussion for Hak5 Forum Members to have. If devices are getting more NFC capabilities why not use them for a second factor of authentication? Try combining NFC with PIN, Pattern, or Face Lock (maybe more). Try the more extreme measure of injecting an NFC capable tag into your body. I don't care what you do but please document it thoroughly and share it with everyone else.