A serious flaw in the Android operating system could have allowed threat actors to distribute malware via NFC beaming, an Android service that uses NFC (Near-Field Communication) radio waves in order to transfer data and software to other nearby devices that have NFC enabled.
Last month, Google issued a patch for the vulnerability, tracked as CVE-2019-2114, that affects Android 8 and later versions. The issue made it possible for cybercriminals to push malicious applications to nearby devices that had NFC enabled – the default setting on most Android devices – because the bug prevented the NFC service on receiving devices from displaying a warning that NFC was asking permission to install an app from an unknown source. Instead, the user would receive a seemingly benign notification that they could mistake for a Google Play Store request to update an app. If the user clicked on the notification, the malicious app would begin installing right away.
Read more: Android bug lets hackers plant malware via NFC beaming