McAfee warns of NFC malware risk

News 21 Feb, 2013

McAfee sounds alarm over NFC malware problems.

McAfee has warned that Near Field Communications (NFC) could allow mobile devices to become infected by touching other phones infected with malware.

The IT security firm said the technology has made smart devices, such as smartphones and tablets, more attractive to cybercriminals.

As a result, the company said it expects to see criminals abuse the tap-and-pay NFC technology used in mobile payment programs or “digital wallets” in "bump and infect" scams that use worms to propagate through proximity.

The distribution path can quickly spread malware through a group of people on a passenger-loaded train or at an amusement park, for example. When the newly-infected device is used to “tap and pay” for the next purchase, the scammer collects the details of the wallet account and secretly reuses these credentials to steal from the wallet.

Worm malware like this will spread by exploiting vulnerabilities on devices, warned McAfee, and could be used to “monetise the 11.8 per cent of malware families that already contain exploit behaviours.”

The company cited figures from research firm IDC that show smart devices are surpassing PCs as the preferred way to access the internet. The number of people using PCs to go online will shrink by 15 million over the next four years, while mobile users are expected to increase by 91 million, according to IDC.

Luis Blando, vice president of mobile product development at McAfee, said, despite elevated consumer awareness of threats on mobile platforms, there is still a significant knowledge gap surrounding how and when devices become infected and the level of potential damage.

“Cybercriminals are exhibiting greater levels of determination and sophistication leading to more destructive, multi-faceted hacks that are harder to spot, and thus warrant a greater degree of security and vigilance,” said Blando.

McAfee also warned that criminals are increasingly looking at ways to generate revenue from mobile devices.

During 2012, about 16 per cent of malware families detected by McAfee attempted to get devices to subscribe to premium SMS messages, and the company predicts we will see an increase in threats that will result in users only finding out they have bought premium apps when they check their bills.

Read more about: