Android devices have a not-so-common feature dubbed NFC Beam which is intended for sharing files, videos, apps and photos between two devices via NFC (Near Field Communication) radio waves.
A bug (CVE-2019-2114) has affected the Android devices running Android 8.0 (Oreo) or above that allows a bad actor to plant malware on your smartphone via NFC beaming discreetly.
How Are Hackers Exploiting NFC Feature?
Normally, when a person sends an app via NFC, a prompt appears on your device asking for permission to install the app from an unknown source.
In January this year, a security researcher named Y. Shafranovich found out that if you sent an app to someone via NFC beaming on Android devices running Android 8 (Oreo) or above — no notification appears and users can install the app with just a tap. It does not explicitly asks users whether they want to install the app from an unknown source.
Google, generally, displays a security warning when you try to install an app that is not downloaded from the Google Play Store. However, it has whitelisted certain services like the Dropbox Android app and Google Chrome to install an app without displaying the security notification.
The bug, which has now been patched by Google in its October 2019 Android updates, arises due to the fact that Google whitelisted the NFC Beaming feature. If you receive an APK file via NFC beaming on your Android device, it will be installed without a warning and the app could bundle a malicious malware.
..
Support the originator by clicking the read the rest link below.
