How much of a security vulnerability is created by NFC (Near Field Communications)?

henyfoxe

At Black Hat, one thing that came up was security issues related to NFC (near field communications) on mobile devices. This is an area of concern that is new to me. As NFC becomes a standard feature on more devices, how much of a risk does it really pose?

Topic: Security
Answer this Question

Answers

3 total
Ken Mages
Vote Up (15)

NFC is merely a transport layer and in and of itself, has NO bearing on security.  It's like asking how much the Apple dock or USB affects security.  Good apps and tamper proof hardware are the only preventions to security breaches. 

jack12
Vote Up (12)

I think comparing NFC to a USB port is a little glib.  To make it more comparable, I would say there is no more risk from NFC than letting a stranger connect to a USB port.  Admittedly, you would probably notice the cable, whereas is it a little harder to get a visual on radio communication.  The short range of NFC does minimize the risk but minimal does not equal zero.  For example, ATMs are relatively safe, but skimmers do exist.  Of course NFC is only an attack vector, but it potentially could allow one to reach the actual attack surface, such as the browser. 

jimlynch
Vote Up (11)

Here's a good background article on NFC, including the security part of it.

Near field communication
http://en.wikipedia.org/wiki/Near_field_communication

"Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity, usually no more than a few centimetres. Present and anticipated applications include contactless transactions, data exchange, and simplified setup of more complex communications such as Wi-Fi.[1] Communication is also possible between an NFC device and an unpowered NFC chip, called a "tag".[2]

NFC standards cover communications protocols and data exchange formats, and are based on existing radio-frequency identification (RFID) standards including ISO/IEC 14443 and FeliCa.[3] The standards include ISO/IEC 18092[4] and those defined by the NFC Forum, which was founded in 2004 by Nokia, Philips and Sony, and now has more than 160 members. The Forum also promotes NFC and certifies device compliance.[5]"

Ask a question

Join Now or Sign In to ask a question.
A company that specializes in selling information on software vulnerabilities has reignited a debate over the handling of such information, especially when it pertains to privacy-focused tools.
Developers of Tor software believe they've identified a weakness that was scheduled to be revealed at the Black Hat security conference next month that could be used to de-anonymize Tor users.
Email encryption startup Virtru has launched a version of its service for businesses using Google Apps, a market segment that the company thinks is showing increased interest in secure communications.
Researchers have concluded that those billions of connected devices could help save lives in the event of disaster, even one that knocks out the Internet
Goodwill Industries International said Monday federal authorities are investigating a possible payment card breach at its U.S.-based retail outlets.
A presentation on a low-budget method to unmask users of a popular online privacy tool, TOR, will no longer go ahead at the Black Hat security conference early next month.
Three stealthy tracking mechanisms designed to avoid weaknesses in browser cookies pose potential privacy risks to Internet users, a new research paper has concluded.
It's not just dissidents looking for anonymous email, but everyday people who'd rather not reveal their true identity.
In its quest to help enterprises seek out and neutralize all threats to their Wi-Fi networks, AirMagnet is now looking to the skies.
This reduces time-to-mitigation for numerous types of events.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

randomness