Security expert Charlie Miller has demonstrated how to take over an Android smartphone using its NFC capability. Miller used a NFC tag to send a victim’s smartphone, which was also NFC-based, to a malicious website by using Android Beam, the P2P technology that enables users to swap content via NFC. The demonstration took place during the Black Hat security conference.

Miller, who is a principal security consultant at Accuvant, showed how the process of sending the user to an unfriendly website could be done automatically. He also explained how such a hack might be used. The NFC tag in a point-of-sale terminal or in some kind of marketing such as a movie poster is replaced and then sends users to a criminal’s website where the handset could be compromised.

He also demonstrated a similar hack on a Nokia N9 handset, which runs on the MeeGo operating system, where he took advantage of its NFC-based pairing function designed for users to share content.

His suggestion to the mobile industry to counteract his hack was to make phones prompt the user to ask permission before allowing an NFC connection.  

This is not the first time that security experts have found holes in Android’s security. Most recently an expert with McAfee found a flaw in the NFC-based Samsung Galaxy S III. In previous months, experts have cracked the PIN or managed to reset the passcode on the Google Wallet app.