Most people store their important information on their smartphone for easy access and convenient processes which is why it's important to have security. However, a new loophole was spotted on Android devices which involves NFC hardware to access a user's credit card details.
New Security Issue Called CVE-2023-35671 Spotted with Loophole Involving Simple NFC Hardware
According to the story by 9to5Google, the loophole involved using the right NFC hardware on an Android device in order to steal sensitive data. This data could even include the stored credit card details on the device.
The security issue was highlighted on GitHub with the marker CVE-2023-35671, which affects Android devices. The issue would provide full access to the device's stored credit card details through popular NFC devices like the Flipper Zero.
The Issue Reportedly Affects Android Version 5.0 and Newer Versions Due to It Exploiting the Simple Screen Pinning Tool
It was noted that the issue will reportedly affect all different types of Android devices that are using the operating system from Android 5.0 and newer versions. It was also noted that the loophole takes advantage of the Screen Pinning tool.
The Screen Pinning tool reportedly lets users lock an app on the screen until users enter a PIN code. Once enabled, the "Ask for PIN before unpinning" option will then be activated with users needing to give up their PIN, which would be used against them.
The Issue is Said to be Very Unlikely but Remains a Concerning Issue Due to Its Simple Application
To add, the "Require device unlock for NFC" option will also be turned on and the loophole would then push the exposure of the user's credit card details. It was noted that in order for this loophole to be exploited, the user's Google Wallet needs to hold the user's credit/debit card info.
It was also noted that through the circumstances, it is also very unlikely that people would ever run into this particular issue because of its rarity. However, the issue still remains very concerning especially since the loophole is easier to apply.
Read Also: Spotify's 'New Showcase' Tool Promises 6x More Streaming Success for Artists-Prices Start at $100
How to Prevent CVE-2023-35671 from Stealing Any Important Data from the User's Device
Google is already aware of the issue and has already marked the issue's severity rating as "high," meaning it would be one of its top priorities. This came as the company will be issuing a fix in September through a new security patch.
The new security patch will be launched for Android versions 11, 12, 12L, and 13, with no mention of Android operation systems before the Android 11. However, the article by 9to5Google shares a technique that users can apply to avoid being affected.
For users with operation systems before the latest Android version, one thing that can be done is to disable the Screen Pinning feature. To do this, all users have to do is go to their Settings menu but it's also important to note that this feature isn't enabled by default.
Related Article: California's Right to Repair Bill Inches Closer to Becoming Law; Apple Supports It
