Is NFC Still a Vulnerable Technology?

June 17, 2013
| |
2 min read

Near Field Communication (NFC) or Near Field Confidence?

NFC or Near Field Communication is a standard that defines the exchange of data between two devices in close proximity.  For NFC enabled smartphones, that means consumers can replace their credit and debit cards with an electronic wallet.  Besides payment transactions, the technology has a wide variety of applications that it’s suitable for:

  • Access: Electronic identity & Physical Access control
  • Transactions: Store Transportation passes, Electronic Payments
  • Information: Store Personal information, View Product information, Receive discounts, Swap Media

How Vulnerable is the Technology?

NFC is inherently secure for mobile payment since transactions can only take place within roughly 4 cms, making it uncomfortably close for an attacker to ‘skim’ information. And since the NFC chip has to be queried by a reader, any encrypted credit card information stored on your smartphone can only be accessible when it’s activated at an NFC POS terminal or similar device.  A strong password protected phone will add an extra layer of protection to prevent unwanted access of a stolen device to further protect sensitive credit card or other personal data.

NFC Hacked

But wait, if you have six months of free time to debunk these NFC factoids, you may discover otherwise.  That’s just what someone did with a few NFC enabled smartphones to test out the security of the technology.  At a 2012 BlackHat conference, a researcher presented his findings on how he painstakingly hacked the devices to take advantage of a variety of exploits.  With the appropriate know-how, NFC can be manipulated too; launch a browser to link to a malicious website, download malware, upload personal info, make unwanted calls or even send SMS messages.  Pretty impressive huh?  And what about the concept of card skimming?  Imagine an NFC tag discretely placed at a point-of-sale terminal to quietly collect credit card information with some NFC skimming technology. Ouch!

What’s Taking So Long?

The slow adoption of NFC technology is being impacted by a few big barriers (lack of industry coordination / standardization, lack of infrastructure to support NFC) that will give smartphone providers some extra time to address these technology vulnerabilities (let’s hope that’s the case).

While retailers may be feeling consumer pressure to deploy NFC payments and other applications, a mis-step with the technology can have a huge impact not only on its adoption but also on the erosion of customer satisfaction, loyalty and retention. A bigger ouch!

Tim Appleby
Security Strategist for Retail Industry, IBM Security

Tim Appleby is a member of the Strategy and Planning team in IBM's new Security division. In his role as a Security Strategist for Retail, he provides insigh...
read more