Ironically, a feature designed to make dealing with Android smartphones easier can be exploited by criminals to smuggle malware onto devices. Only a few users probably know the technique called Android Beam. It allows users to easily copy large files from one device to another via NFC, simply by keeping the sending and receiving Android devices together.
Since the introduction of this technology with Android 4.0, the system has always asked the user for permission if someone tried to install an app this way. Such installations were treated the same as attempts to install apps from sources other than the Play Store.
However, with the update to Android 8, this practice has been changed. The warning that you are installing an app from an unknown source has since disappeared on installations via NFC. A single tap of the user is now enough to install such an app that can disguise, for example, as an update. Also Android 9 and 10 are affected by this problem.
REUTERS
Anything but a new invention: As early as 2011, the then Android boss Hugo Barra presented the Android Beam function
Google itself estimates the danger of this security breach as high. Security researcher Yakov Shafranovich had already reported it to the company at the end of January. With the monthly Android security update in October, the Group has already solved the gap. So far, however, only a relatively small number of Android users have downloaded this update on their devices.
Owners of pixel smartphones are fine, because the Google phones get such updates usually first. Also, Motorola and Nokia are typically exemplary fast in passing the monthly updates to their customers. Many other manufacturers shy away from the associated effort. Even brand new smartphones are often shipped with outdated software.
Which security patch is installed can be seen in the Settings under System / About the phone or System / About the phone / Software information for an entry called Android security patch or Android security patch level .
Just do not let anyone close up
Is still an outdated security patch on the device, you can protect yourself against attacks by the described vulnerability by either switching off Android Beam or NFC completely disabled. Then, for example, digital payment functions such as Google Pay can no longer be used.
Where the appropriate settings are varies from device to device. They are usually found in the settings under entries such as device connection or connected devices . If in doubt, you can find them via the search box, at the top of the settings .
A very commonplace tip is also to keep stolen smartphones from his smartphone. Because in order for the NFC hack to work at all, a perpetrator would have to bring his transmitting device up to a few centimeters to the mobile phone of the victim. Under optimal conditions, the range of NFC is around ten centimeters.
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/H6SX4JB4HJIOMBO3FUP6IGGLUI.jpg)
