Remember the security dangers of using your phone’s NFC features? It’s been a few years since NFC gained in popularity and Android phone makers, especially Samsung, continue to push the technology with each new model. Yes, there are many wonderful uses for NFC, but they all come with a price. Consider the drive-by mobile attack. Are you at risk?…

Remember the security dangers of using your phone’s NFC features? It’s been a few years since NFC gained in popularity and Android phone makers, especially Samsung, continue to push the technology with each new model. Yes, there are many wonderful uses for NFC, but they all come with a price. Consider the drive-by mobile attack. Are you at risk? Have you been compromised? It’s possible if you use NFC regularly.

For those who are unfamiliar, NFC stands for near-field communication. It’s a newer type of wireless communication utilized mostly by smartphones in order to perform quick data transfers between NFC-tagged devices. Coloquially, phones are “bumped” or “swiped” together. As the name indicates, it’s an extremely short-range wireless band so devices need to be within centimeters of each other to establish a connection.

The required closeness of devices might make NFC seem safe to use, but the drive-by NFC hack proves that close proximity isn’t enough to protect against the malicious.

NFC Is NOT Secure

NFC was designed to be a connection of convenience, not security. How so? Well, NFC requires you to bump, tap, or swipe an NFC-capable device (e.g., phone) against an NFC-capable reader (e.g., another phone). As long as both devices are NFC-capable and that they are within the NFC wireless range, the connection is valid. As far as the NFC protocol is concerned, the close distance is all that’s necessary for a valid transfer.

how-nfc-hacks-work-1

Can you see the weakness? No password or credential requirements! NFC connections are established automatically and do not require any form of login or password entry in the way that WiFi does. This has the potential for some real problems since anyone can establish an NFC connection with your device as long as they get close enough. Imagine if you bumped up against a virus-infected NFC device? It would only take one bump for you to catch it.

NFC can be made secure at the application layer by implementing secure channels or by requiring credentials, but NFC as a protocol itself is not secure at all. And despite the close-proximity requirements for an NFC connection to trigger, unwanted bumps do occur. Sometimes, even a well-intentioned bump (such as when paying with Google Wallet) can result in a disaster.

 

Source: How Does A Drive-By NFC Hack Work?