Near Field Communication (NFC) or Near Field Confidence?

NFC, or Near Field Communication, is a standard that defines the exchange of data between two devices in close proximity. For NFC-enabled smartphones, that means consumers can replace their credit and debit cards with an electronic wallet. Besides payment transactions, the technology is suitable for a wide variety of applications:

  • Access: Electronic identity & Physical Access control
  • Transactions: Store Transportation passes, Electronic Payments
  • Information: Store Personal information, View Product information, Receive discounts, Swap Media

How Vulnerable is the Technology?

NFC is inherently secure for mobile payment since transactions can only take place within roughly 4 cm, making it uncomfortably close for an attacker to ‘skim’ information. And since the NFC chip has to be queried by a reader, any encrypted credit card information stored on your smartphone is only accessible when it’s activated at an NFC POS terminal or similar device. A phone protected by a strong password adds an extra layer of protection against unwanted access to a stolen device, further protecting sensitive credit card or other personal data.

NFC Hacked

But wait, if you have six months of free time to debunk these NFC factoids, you may discover otherwise. That’s just what someone did with a few NFC-enabled smartphones to test out the security of the technology. At a 2012 Black Hat conference, a researcher presented his findings on how he painstakingly hacked the devices to take advantage of a variety of exploits. With the appropriate know-how, NFC can be manipulated to launch a browser that links to a malicious website, download malware, upload personal info, make unwanted calls or even send SMS messages. Pretty impressive, huh? And what about the concept of card skimming? Imagine an NFC tag discreetly placed at a point-of-sale terminal to quietly collect credit card information with some NFC skimming technology. Ouch!

What’s Taking So Long?

Adoption of NFC technology is being slowed by a few big barriers (lack of industry coordination and standardization, lack of infrastructure to support NFC), which will give smartphone providers some extra time to address these technology vulnerabilities (let’s hope that’s the case).

While retailers may be feeling consumer pressure to deploy NFC payments and other applications, a misstep with the technology can have a huge impact not only on its adoption but also on customer satisfaction, loyalty and retention. A bigger ouch!
