There’s many a slip..

Security issues in Near Field Communications

Near Field Communications (NFC) is a form of contactless communication between devices such as smartphones and tablets. In effect, NFC payment cards have already been issued by banks and other organisations that wanted to make things quicker than the current chip-and-PIN. The working distance is approximately 10 cm.

Rogue card readers will read all the cards inside your wallet/handbag if you present your wallet/handbag to the reader. This means that in the moment your wallet is presented to the reader, all card data is read from all the cards, including personal credit/debit cards. Such compromised readers could also re-transmit information to another nearby receiver.

Imagine a rogue reader at the office door, which reads all the cards each day, including those of high-profile visitors, and logs them on your local servers for future reference. A server administrator could access this not-so-secure database, retrieve the numbers and release them into the wild. What if the data leak was traced to your door? Would your organisation be responsible for abetting the crime?

What if a person could read your data by using a reader that scanned all the cards in the room? Maybe one transmitter and several non-interfering receivers could work?

This becomes another form of eavesdropping: the attacker could read the transaction as you present your card to the reader, thereby compromising the security of the transaction. As with RF in general, a number of factors determine how close an attacker needs to be to retrieve the data from the RF signal.

Denial-of-service attacks are the easiest to do. An attacker needs to transmit the correct frequencies in the spectrum at a higher power than the reader; a slightly more advanced attack could be to understand the modulation scheme and coding. By stretching this further, data manipulation and data insertion are also possible from a distance.

Proven attacks have also taken place in which a cell phone was used to read cards from people’s wallets and handbags. With people storing data such as bank and credit card information on cell phones for NFC use, viruses and other forms of malware targeted at smartphones will increase.

I leave the further concerns and risks of using such technology without appropriate safeguards and countermeasures to your imagination.
