Near-Field Communication (NFC)
Near-field communications (NFC) is a standard for two-way radio communications over very short (around four inches) distances.
- is a peer-to-peer version of RFID
- an NFC device can work as both tag and reader to exchange information with other NFC devices.
- normally works at up to two inches (6 cm) at data rates of 106, 212, and 424 Kbps
- NFC sensors and functionality are incorporated into smartphones
- used for
- contactless payment readers
- security ID tags
- shop shelf-edge labels for stock control
- to configure other types of connections
- e.g., pairing Bluetooth devices
- “smart” posters
- user can tap the tag on a poster to open a linked webpage via information coded in the tag
- NFC transaction is sometimes known as a bump
NFC Wireless Connections
- mobile devices have NFC chips built in
- allows for very short-range data transmission to activate a receiver chip in the contactless reader
- up to about 20 cm/8 in
- data rates achievable are very low
- allows for very short-range data transmission to activate a receiver chip in the contactless reader
- On Android, NFC can be enabled or disabled via settings
- device must be unlocked to initiate a transaction over a certain amount
- can be used to configure other types of connection, such as pairing Bluetooth devices
- E.g., if a smartphone and headset both support NFC, tapping the headset will automatically negotiate a Bluetooth connection
Wireless Mobile Payments
- NFC allows a mobile device to make payments via contactless point-of-sale (PoS) machines
- user enters their credit card information into a wallet app
- wallet app does not transmit the original credit card information
- a one-time token that is interpreted by the card merchant and linked back to the relevant customer account
Security
- Attacks could be developed using vulnerabilities in handling the tag
- possible to exploit NFC by crafting tags to direct the device browser to a malicious webpage
- attacker could try to exploit vulnerabilities in the browser
- NFC does not provide encryption
- eavesdropping and on-path attacks are possible
- if attacker can intercept the communication and the software services are not encrypting the data
- eavesdropping and on-path attacks are possible
- vulnerable to several types of attacks
- Certain antenna configurations may be able to pick up the RF signals emitted by NFC from several feet away
- allow an attacker to eavesdrop from a further distance
- attacker with a reader may also be able to skim information from an NFC device
- attacker may also be able to corrupt data as it is being transferred through a method similar to a DoS attack
- by flooding the area with an excess of RF signals to interrupt the transfer
- Certain antenna configurations may be able to pick up the RF signals emitted by NFC from several feet away
Info
Skimming a credit or bank card will give the attacker the long card number and expiration date.
- Completing fraudulent transactions directly via NFC is much more difficult
- attacker would have to use a valid merchant account
- and fraudulent transactions related to that account would be detected very quickly