Everyone is looking for something to put fear into people, and the latest is NFC. Security researcher Charlie Miller recently showed flaws in the way Android (and MeeGo) handles NFC. He designed an NFC tag that was able to execute malicious code on a device. Obviously this tag could be placed anywhere, such as on a point-of-sale terminal.
The issue is not NFC in general, but the software implementation. The Android Beam specification allows NFC to automatically launch the web browser, which opens the door to a wide range of web-based exploits. A lot of the browser bugs that were in older versions of Android have been fixed, but early Ice Cream Sandwich builds still have a lot of security holes related to the WebKit-based stock browser. A simple fix would be a pop-up notifying the user that NFC is trying to open the browser and asking them to either give or deny permission.
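The consent prompt suggested above, sketched as an added example (not Android's code or anything shown by Miller): it goes one step past the text by parsing a single NDEF URI record, the tag data type that carries a web address, and opens nothing unless the user approves. The record layout and prefix codes follow the NFC Forum NDEF format; `handle_tag`, `ask_user` and the sample bytes are assumptions made for illustration.

```python
# Added example: parse the first NDEF record on a tag and gate URI launches
# behind explicit user consent. Only a subset of URI prefix codes is listed.
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://", 0x05: "tel:", 0x06: "mailto:"}

def parse_uri_record(data: bytes):
    """Return the URI in a single NDEF URI record, or None if it is another type."""
    try:
        header, type_len, pos = data[0], data[1], 2
        if header & 0x10:                      # SR flag: 1-byte payload length
            payload_len = data[pos]
            pos += 1
        else:                                  # otherwise 4 bytes, big-endian
            payload_len = int.from_bytes(data[pos:pos + 4], "big")
            pos += 4
        id_len = 0
        if header & 0x08:                      # IL flag: ID length field present
            id_len = data[pos]
            pos += 1
    except IndexError:
        raise ValueError("truncated NDEF header")
    end = pos + type_len + id_len + payload_len
    if end > len(data):                        # never trust lengths read from the tag
        raise ValueError("record length exceeds tag data")
    rec_type = data[pos:pos + type_len]
    payload = data[pos + type_len + id_len:end]
    # TNF 0x01 = NFC Forum well-known type; type "U" = URI record
    if header & 0x07 != 0x01 or rec_type != b"U" or not payload:
        return None
    prefix = URI_PREFIXES.get(payload[0])
    if prefix is None:
        return None                            # code outside this example's table
    return prefix + payload[1:].decode("utf-8", errors="replace")

def handle_tag(data: bytes, ask_user):
    """Decide what to do with a scanned tag; ask_user(uri) -> bool is the prompt."""
    uri = parse_uri_record(data)
    if uri is None:
        return ("ignore", None)
    # The fix proposed in the text: no URI is opened without the user's approval.
    return ("open", uri) if ask_user(uri) else ("blocked", uri)

# Constructed sample tag: MB|ME|SR, well-known type "U", prefix 0x01 + "example.com"
SAMPLE_TAG = bytes([0xD1, 0x01, 0x0C, 0x55, 0x01]) + b"example.com"

if __name__ == "__main__":
    print(handle_tag(SAMPLE_TAG, lambda uri: input(f"Open {uri}? [y/N] ") == "y"))
```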
Older Android phones are still an issue: Miller was able to hijack the application daemon that controls NFC functions in Android 2.3, in a sense bypassing the browser. Thankfully, there really aren't too many devices on Android 2.3 that have NFC. Miller used a Nexus S to demonstrate.
So there you have it, folks. Is this the next big scare? I would assume Google will make software fixes accordingly, but the bottom line is that for anyone to exploit your phone (or tablet) with this method, they have to be really close to you.