Urian B., Tech Times Sep 13, 2023, 09:09 pm
Most people store their important information on their smartphones for easy access and convenient processes, which is why it is important to have security. However, a new flaw was discovered on Android devices that involve NFC hardware to access a user’s credit card details.
New security issue named CVE-2023-35671 spotted with flaws associated with simple NFC hardware
According to 9to5Google’s story, the trick involved using the correct NFC hardware on an Android device to steal sensitive data. This data may also include credit card details stored on the device.
The security issue was highlighted on GitHub with marker CVE-2023-35671, which affects Android devices. This issue will provide full access to the device’s stored credit card details through popular NFC devices like Flipper Zero.
The issue reportedly affects Android versions 5.0 and newer due to an exploitation of the Simple Screen Pinning tool.
It was noted that this issue will reportedly affect all different types of Android devices that are using the operating system from Android 5.0 and newer versions. It was also noted that the flaw takes advantage of the screen pinning tool.
The screen pinning tool reportedly lets users lock an app on the screen until users enter a PIN code. Once enabled, the “Ask for PIN before unpinning” option will be activated and users will be required to give up their PIN, which will be used against them.
This issue is said to be very unlikely but remains a concern due to its simple application
To add, the “NFC requires device unlock” option will also be turned on and then the flaw will increase the risk of the user’s credit card details. It was noted that to exploit this flaw, a user’s Google Wallet must contain the user’s credit/debit card information.
It was also noted that under the circumstances, it was also very unlikely that people would ever run into this particular issue due to its rarity. However, the issue still remains very concerning, especially because the flaws are easy to implement.
Also read: Spotify’s ‘new Showcase’ tool promises 6x more streaming success for artists—prices start at $100
How to prevent CVE-2023-35671 from stealing any important data from user’s device
Google is already aware of the problem and has already marked the severity rating of the problem as “High”, which means it will be one of its top priorities. This comes as the company will release a fix through a new security patch in September.
The new security patch will be launched for Android versions 11, 12, 12L and 13, with no mention of Android operation systems prior to Android 11. However, 9to5Google’s article shares a technique that users can implement to avoid being affected.
For users with operation systems before the latest Android version, one thing that can be done is to disable the screen pinning feature. To do this, users simply need to go to their Settings menu but it is also important to note that this feature is not enabled by default.
RELATED ARTICLE: California’s Right to Repair bill moves closer to becoming law; Apple supports it
ⓒ 2023 TECHTIMES.com All rights reserved. Do not reproduce without permission.