Near field communication (NFC) is the set of protocols that enables smartphones and other devices to establish radio communication with each other by touching the devices together or bringing them into proximity, typically to a distance of 10 cm (3.9 in) or less.
All NFC-enabled smartphones can be provided with dedicated apps, including ‘ticket’ readers, as opposed to the traditional dedicated infrastructure that specifies a particular (often proprietary) standard for stock ticket, access control and payment readers. By contrast, all NFC peers can connect to a third-party NFC device that acts as a server for any action (or reconfiguration).
Each full NFC device can work in three modes: NFC Card Emulation; NFC Reader/Writer; and NFC peer-to-peer (P2P mode):
- NFC Card emulation mode enables NFC-enabled devices such as smartphones to act like smart cards, allowing users to perform transactions such as payment or ticketing.
- NFC Reader/writer mode enables NFC-enabled devices to read information stored on inexpensive NFC tags embedded in labels or smart posters.
- NFC peer-to-peer mode enables two NFC-enabled devices to communicate with each other to exchange information in an ad hoc fashion.
Hackers can intercept data transmitted between contactless cards and payment terminals using easily available and portable electronic devices, a study by Surrey University researchers has found.
Focusing on the currently prevailing Near Field Communication (NFC) standards, used in most modern payment cards, the researchers found that contactless data transmission is vulnerable to interception by determined individuals, especially in crowded supermarkets. All that is required is a simple antenna, an off-the-shelf receiver and a laptop equipped with a digital acquisition card.
Although the NFC standard officially requires a distance of about five centimetres, the researchers could receive the same information as the terminal at a distance of 50 to 60 centimetres.
Although the reliability of the interception decreases with distance, in the 50–60 cm range almost 100 per cent of the eavesdropping attempts performed by the researchers were successful. Even more disconcerting, however, is the fact that the equipment the team used was far from advanced.
The receiver, comfortably hidden in a backpack, could be connected to a simple loop of wire, a small metallic cylinder or even to a cage of a shopping trolley that functions as an antenna intercepting the data without raising any suspicion.
This is the first time such simple equipment has been used in a study focusing on vulnerabilities of NFC, and the team hopes the results will stir the debate about the vulnerability of the popular standard and encourage application designers to delve into the security aspects of the technology.
Because this method of stealing private data attacks at the moment when the device needs to be in use, there is little an individual user can do to protect himself.
When the card is not in use, for example if it’s an NFC-enabled mobile phone, one thing that can be done is to switch NFC off until it’s actually needed.
Source: EANDT