Near-field communication usage has grown in recent years, with 63% more interactions from 2018 to 2020.
All sources point to more people using NFC, with an expected 1.6 billion NFC-enabled devices in the world by 2024.
But is the technology secure?
Security in Near Field Communication is affected by several factors, including hackers eavesdropping on the data being transmitted and manipulating the information you receive. It’s also possible to carry out man-in-the-middle attacks. But NFC is still very secure, as it works in the short range.
If you’re wondering how secure NFC is, read on to gain the peace of mind that you aren’t unwittingly sending a hacker your financial information or personal details.
NFC: The Security Threats
There are several threats when using NFC, but the following are the most common:
Eavesdropping
Because NFC uses radio signals, hackers can tap into the transmission. Moreover, it doesn’t help that transmitters and other eavesdropping equipment are easy to create or buy.
How close does the hacker need to be to eavesdrop? While most NFC transmissions occur within a distance of 4 inches (10 centimeters), there are times when the distance might be affected by:
- The sender device.
- The attacker’s antenna.
- The attacker’s signal decoder and receiver.
- The attack site setup.
- Your device’s transmission power.
In general, a hacker can get the job done from up to 32 feet (10 meters) away when the device is actively sending out its own radio frequency field and by as far as 3.3 feet (one meter) away in passive mode.
It’s not as easy as you think, though.
Eavesdropping might be a serious issue when using NFC, but hackers will have to be extremely lucky to succeed.
NFC works over short ranges, sometimes requiring you to touch a tag with your phone, meaning that the hacker would need to be very close to you to eavesdrop when you enable NFC on your phone and use it on a smart tag.
What’s more, an NFC chip will need to be positioned in the right direction when you use it. Sometimes, a slight turn in the wrong direction will mean that your NFC chip won’t read the NFC tag.
For a hacker to eavesdrop, they would need to put an antenna positioned at the right angle. The chances of successfully listening to an NFC transmission are very slim, and it’s not often worth the time and effort.
Most hackers will probably eavesdrop into communications over Wi-Fi, Bluetooth, and other protocols with a broader range.
Using a Secure Channel To Prevent Eavesdropping
If you don’t want to risk getting eavesdropped on while using NFC, there are several standards that will ensure transmissions over secure channels.
Global Platform has a step-by-step guide on setting this up, from initiation to operation and termination. You can download their whitepaper here.
Data Corruption and Data Modification
Data corruption is when a hacker tries to disturb the transmitted data over NFC. With this form of attack, your transaction will fail, meaning you won’t be able to use the service you want to use.
For instance, if you’re trying to use NFC to pay for your bus fare, the attacker will send data to interfere with your connection and prevent the NFC reader from reading your smart card or mobile device. As a result, you won’t be able to use your mobile device to pay.
In data corruption, your data remains unchanged. The attacker won’t need to read and decipher whatever is being transmitted. They just stop it from being sent or received.
With data modification, the attacker wants your NFC device to get the wrong data. Imagine having an NFC tag that’s supposed to take you to a particular website or YouTube video. However, a hacker can change that URL into something more sinister, such as redirecting it to a website that downloads viruses and malware onto your phone.
For both of these attacks, there are some countermeasures to protect yourself. For one, hackers can physically change NFC tags. If you want to be safe, make sure that the NFC tag is not physically accessible to just anyone.
A movie poster out in the open will be an easy target for hackers who will change the smart tag. You might think that the tag lets you watch that movie’s trailer, but since the tag has been replaced, you might unwittingly download malware on your phone.
When you tap on a smart tag, always check what your phone is doing. You may be able to tell if it’s doing something that it shouldn’t. For instance, if the NFC tag is meant to help you load a specific website, but your phone is showing another site, then it might be compromised.
Man-in-the-Middle Attack
An attacker will get in between the two NFC devices and intercept their messages in this attack. But rather than stopping there, the hacker will send his or her replies to the two devices.
For instance, Device X sends the message to meet at the corner coffee shop at 7:30 pm to Device Y. However, the attacker intercepts the message and then sends Device Y the wrong message, for example, to meet at the deli at 10:00 pm. Device Y won’t know that it received the wrong message, while Device X will have no idea that the original message was intercepted.
Man-in-the-middle attacks are tough to launch on an NFC transmission, mainly because NFC is very short range. These devices usually have technologies that can detect intrusion and therefore stop the protocols.
Conclusion
The three most common security threats for NFC are:
- Eavesdropping
- Data manipulation
- Man-in-the-middle attacks
However, as you can see, the short range required for NFC to work and the technologies in place make it very difficult for anyone to carry out any of these attacks. But while the possibility is slight, you should still take all the necessary precautions you can to ensure that your NFC transmissions are secure.
0 Comments