You can check this paper : http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf
It's from a talk given by Charlie Miller at BlackHat 2012 :
Near Field Communication (NFC) has been used in mobile devices in some
countries for a while and is now emerging on devices in use in the
United States. This technology allows NFC enabled devices to
communicate with each other within close range, typically a few
centimeters. It is being rolled out as a way to make payments, by
using the mobile device to communicate credit card information to an
NFC enabled terminal. It is a new, cool, technology. But as with the
introduction of any new technology, the question must be asked what
kind of impact the inclusion of this new functionality has on the
attack surface of mobile devices. In this paper, we explore this
question by introducing NFC and its associated protocols.
Next we describe how to fuzz the NFC protocol stack for two devices as
well as our results. Then we see for these devices what software is
built on top of the NFC stack. It turns out that through NFC, using
technologies like Android Beam or NDEF content sharing, one can make
some phones parse images, videos, contacts, office documents, even
open up web pages in the browser, all without user interaction. In
some cases, it is even possible to completely take over control of the
phone via NFC, including stealing photos, contacts, even sending text
messages and making phone calls. So next time you present your phone
to pay for your cab, be aware you might have just gotten owned.
There is a tons of links at the end.