Security Risks of Near Field Communication

As a technology which will likely soon become an important part of our daily lives, Near Field Communication is something with which we should become familiar. In order to fully understand the potential uses of NFC, it is important to understand exactly what it is. With this understanding, we can then come to a fuller understanding of the risks inherent in the use of NFC and, finally, what we can do to avoid these risks as we begin to pay for merchandise and transfer information in this new, exciting way.

What is Near Field Communication?

Near field communication, abbreviated NFC, is a type of contactless, wireless technology used for sending information or making payments. By embedding an NFC chip inside a smartphone, a company can create a virtual wallet where users store credit card information and can pay at a store simply by waving their smartphone over a credit card reader. In 2004, companies Sony, Philips, and Nokia created the Near Field Communication Forum to set standards of development and use for this emerging technology. NFC is similar to radio-frequency identification or RFID. A small NFC chip inside a smartphone or other device generates an electromagnetic field. This field is received by an NFC tag found in a card reader, a smart poster, or even on an advertisement. The tag contains information and, using the electromagnetic field as its power supply, sends this information to the smartphone.

Security Risks of NFC

With this new contactless technology set to become an important part of our lives, people have some valid and understandable security concerns. When using new technologies, the best way to protect yourself against potential pitfalls is to know the risks associated with them.

One of the most common concerns with NFC technology is that of eavesdropping. Eavesdropping occurs when a third party intercepts the signal sent between two devices. If that third party intercepted a data transmission between a smartphone and a credit card reader then, in theory, they would have access to that person’s credit card information. They might also pick up other personal information passed between two smartphones.

Another security concern is data manipulation or corruption. This occurs when a third party intercepts the signal being sent, alters it, and sends it on its way. The information the receiving party gets may be corrupt or modified. The attacker may or may not want to steal the information. In some cases, the attacker simply wants to prevent the correct information from getting through. This is often known as a denial of service attack.

Finally, the last of the security comes in the form of viruses. While smartphone viruses are currently few and far between, they are growing. Security companies have pointed out that when smartphones provide little financial gain for hackers, they are targeted less. NFC technology would allow users to store valuable bank account and credit card information on their smartphones, thus making them a target.

  • NFC compatible devices can only communicate when they are within four centimeters of each other.
  • NFC tags do not power themselves. Instead, they rely on power from the smartphone or other device interacting with them.
  • The first smartphone virus, a Trojan, was detected in October 2010 and several more have appeared sinc

Preventing Security Risks with NFC

Despite the risks, NFC technology is valuable for the convenience it offers consumers. One person can access all their payment information and make purchases on several different credit or debit cards all with the wave of a smartphone. To protect users against these security risks, several measures have been taken. Users can also take their own precautions to protect their personal information.

First, the design of NFC discourages security issues. While they can still occur, it is typically more challenging to steal credit card information through this type of data transfer. The person stealing the info would need to be very close to the smartphone sending it since the signal does not carry very far. Secure channels are used for sending sensitive information, making them hard to access. In the event that a hacker did make it past these security measures to steal the information, the information itself is encrypted. Encryptions prove very difficult to crack and the information would likely be useless to the hacker.

For users to reduce their risks of having their information, or even their physical smartphone itself, stolen and used to make purchases they did not authorize, they should password protect their smartphones and install anti-virus software. The anti-virus software protects against viruses and other attacks from malicious programs that the user may accidently download onto the smartphone. Having a password on the smartphone protects it in the event of a physical theft. The thief cannot unlock the phone and therefore cannot use it to make NFC payments.

  • NFC allows the user to make payments and share information with friends. It can even act as a subway or concert ticket.
  • NFC is very similar to Bluetooth but offers faster and easier connections between smartphones.
  • The NFC Forum does not offer protection against eavesdropping attacks, making it even more important for consumers and businesses to take preventative security measures.

References

NFC Applications for Everyday Life
NFC Security
Studies on Privacy and Near Field Communications
Security in Near Field Communications(PDF)
Engadget Primed: What is NFC, and Why Do We Care?
Security Concerns Dog Near Field Communication Technology