The elephant in the room: how secure is NFC?
Filed under: mobile phone, nfc, Security, smart phone, technology
I wrote this blog with some hesitation – it is not intended to cause alarm, but rather to highlight the need to be careful with your information using NFC. Most people do not leave their front door wide open for anyone to just wander through their house. Nor do businesses leave their safe open for all to examine its contents. The same behaviour should be applied to NFC – don’t leave yourself open.
NFC works between devices that are within a few centimetres of each other. There have been cases of data attackers with very complex equipment, siphoning off data from a meter away from passive signals and up to 10 meters away from active mode devices. Again, I stress this is rare.
Developers (hardware and software) are constantly monitoring any possible security breaches and closing any holes that are identified.
The types of security issues may include eavesdropping, where a third party intercepts a data transmission and accesses the information. Encryption of data (eg Credit Card details) can render eavesdropping useless as the data becomes unreadable. Another security risk is a denial of service attack, where someone can intentionally block data transmissions by sending data that can corrupt the original data. Developers overcome a denial of service attack by encrypting the data stream and engaging secure data channels.
Downloading malware (malicious or malevolent software – used or created by attackers to disrupt computer operations, gather sensitive information, or gain access to private computer information – thanks Wikipedia!) is becoming an issue in mobile devices. Malware could be used to gather (or sniff) credit card data stored in or used by a smartphone. As with your personal computer – be cautious about the applications you download.
Growing in popularity are features such as Android Beam – where you can exchange information to another smartphone or NFC tag. A great way to share contacts or photos. However, I stress that it is important to know what information you have in stored in your device if you are going to leave this feature turned on. If you are concerned, my recommendation is be in control of data exchange – and turn it on when you want to use it.
Rest assured that as NFC grows in popularity – and it will – developers will build in even greater security to protect your information.
If you use NFC, we’d love to hear about your experiences. Please feel free to share your thoughts with us in the comments box below.
How do you use NFC?
Related Links
shouldn’t the question be how do i want to use NFC, not how do I use it ? I personally really cant use it at present for anything worthwhile, at present it’s still too new. I would love to use it (and yes the risks and security is a very real concern with me btw) for paying for coffee, buying myki tickets, finding out more about something (either print ad, poster, in store specials/deals/loyalty card) etc but none of this really exists yet.
Hi eins – that’s a great point. We’ll work on another blog post soon on this very topic. Thanks for the idea.
The problem is that NFC was not build as a secure standard. Any attempts at making it more secure involved adding extra layers on top of it, which means more costs involved in implementing.
Put simply, it was not a well designed technology. There are good reasons that it hasn’t taken off, despite having been around for over six years.
See http://en.wikipedia.org/wiki/Near_field_communication#Security_aspects for more information.
It is a bit scary with all of the security threats are out there for all kinds of devices. We all think that our mobile devices are invincible.