During the Black Hat conference, security specialist Charlie Miller showed some problems with the NFC implementation on the Nokia N9. Miller explained that when NFC is turned on, an N9 will automatically accept all connection requests without prompting the user. He said this opens the device to attackers who can control the device to make calls, send text messages, or download data.
Cnet was at the conference and reported that Miller also discussed an attack by sending a malicious Word document using NFC to the Nokia N9. Since the Nokia N9 accept file transfers without warning, it opens an application to render the downloaded file. The Nokia N9 has to come within a few centimeters of an attacker’s NFC tag to work.
Miller said he had sent his research to Nokia. In a statement to Ars Technica, Nokia officials wrote:
Nokia takes product security issues seriously. Nokia is aware of the NFC-research done by Charlie Miller and are actively investigating the claims concerning Nokia N9. Although it is unlikely that such attacks would occur on a broad scale given the unique circumstances, Nokia is currently investigating the claims using our normal processes and comprehensive testing. Nokia is not aware of any malicious incidents on the Nokia N9 due to the alleged vulnerabilities.