The elephant in the room: how secure is NFC?
I wrote this blog with some hesitation – it is not intended to cause alarm, but rather to highlight the need to be careful with your information using NFC. Most people do not leave their front door wide open for anyone to just wander through their house. Nor do businesses leave their safe open for all to examine its contents. The same behaviour should be applied to NFC – don’t leave yourself open.
NFC works between devices that are within a few centimetres of each other. There have been cases of data attackers with very complex equipment, siphoning off data from a meter away from passive signals and up to 10 meters away from active mode devices. Again, I stress this is rare.
Developers (hardware and software) are constantly monitoring any possible security breaches and closing any holes that are identified.
The types of security issues may include eavesdropping, where a third party intercepts a data transmission and accesses the information. Encryption of data (eg Credit Card details) can render eavesdropping useless as the data becomes unreadable. Another security risk is a denial of service attack, where someone can intentionally block data transmissions by sending data that can corrupt the original data. Developers overcome a denial of service attack by encrypting the data stream and engaging secure data channels.
Downloading malware (malicious or malevolent software – used or created by attackers to disrupt computer operations, gather sensitive information, or gain access to private computer information – thanks Wikipedia!) is becoming an issue in mobile devices. Malware could be used to gather (or sniff) credit card data stored in or used by a smartphone. As with your personal computer – be cautious about the applications you download.
Growing in popularity are features such as Android Beam – where you can exchange information to another smartphone or NFC tag. A great way to share contacts or photos. However, I stress that it is important to know what information you have in stored in your device if you are going to leave this feature turned on. If you are concerned, my recommendation is be in control of data exchange – and turn it on when you want to use it.
Rest assured that as NFC grows in popularity – and it will – developers will build in even greater security to protect your information.
If you use NFC, we’d love to hear about your experiences. Please feel free to share your thoughts with us in the comments box below.
How do you use NFC?