NFC readers are a great piece of technology. Sadly, the technology has been poorly executed and raises many security concerns. Most of these concerns have been “debunked” by the credit card companies, which continue to push the technology. NFC on various RFID systems is open to theft and compromise, but much depends on how carefully the user handles this information. The NFC device must be passing active data for that data to be hijacked or intercepted, so a malicious person cannot simply pass his or her phone past your wallet and get information unless there is an active data stream or connection to a reader. Work has also been done to add more levels of authentication to ensure appropriate use.
Eavesdropping
Eavesdropping is when a criminal “listens in” on an NFC transaction. The criminal does not need to pick up every single signal to gather private information. Two methods can prevent eavesdropping. First there is the range of NFC itself. Since the devices must be fairly close to send signals, the criminal has a limited range to work in for intercepting signals. Then there are secure channels. When a secure channel is established, the information is encrypted and only an authorized device can decode it. NFC users should ensure the companies they do business with use secure channels.
Active Attacks
There are NFC attacks based on actively probing a card without the cardholder’s knowledge, outside the context of eavesdropping on or intercepting a legitimate transaction. The idea is that you sit next to someone on the train, and a computer in your backpack attacks the victim’s card while it’s still in their wallet. The first demonstration of this was on Mobil’s SpeedPass, which was defeated this way long ago. Charlie Miller recently presented on this at Black Hat 2012.
Data Corruption and Manipulation
Data corruption and manipulation occur when a criminal manipulates the data being sent to a reader or interferes with the data being sent so it is corrupted and useless when it arrives. To prevent this, secure channels should be used for communication. Some NFC devices “listen” for data corruption attacks and prevent them before they have a chance to get up and running.
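As an added illustration (not code from the original article or from any NFC product), the sketch below shows what the "secure channel" named in the Eavesdropping and Data Corruption sections does to one frame: the payload is encrypted, and a tag lets the receiver reject a corrupted or manipulated frame before using it. It goes slightly beyond the text by also rejecting re-sent frames. The frame layout, function names and pre-shared session keys are assumptions, and the HMAC-based keystream is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os
import struct

# Assumed frame layout (hypothetical, not from any NFC standard):
# seq(8) | nonce(12) | ciphertext | tag(32)
TAG_LEN = 32  # HMAC-SHA256 output size


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; stdlib-only stand-in for a real cipher."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(enc_key, mac_key, seq, payload):
    """Encrypt-then-MAC one frame so an eavesdropper sees only ciphertext."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(enc_key, nonce, len(payload))))
    header = struct.pack(">Q", seq) + nonce
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def open_frame(enc_key, mac_key, last_seq, frame):
    """Check the tag and sequence number first; decrypt only if both pass."""
    if len(frame) < 20 + TAG_LEN:
        raise ValueError("frame too short")
    header, ct, tag = frame[:20], frame[20:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("bad tag: frame corrupted or manipulated")
    seq = struct.unpack(">Q", header[:8])[0]
    if seq <= last_seq:
        raise ValueError("stale sequence number: frame was re-sent")
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, header[8:], len(ct))))
    return seq, plain


if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)      # constructed session keys
    frame = seal(ek, mk, 1, b"PAY 12.50 EUR")    # constructed payload
    print(open_frame(ek, mk, 0, frame))
    tampered = frame[:25] + bytes([frame[25] ^ 0x01]) + frame[26:]
    try:
        open_frame(ek, mk, 0, tampered)
    except ValueError as err:
        print("rejected:", err)
```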
Interception Attacks
Similar to data manipulation, interception attacks take this type of digital crime one step further. A person acts as a middleman between two NFC devices and receives and alters the information as it passes between them. This type of attack is difficult and less common. To prevent it, devices should be in an active-passive pairing. This means one device receives info and the other sends it instead of both devices receiving and passing information.
Theft
No amount of encryption can protect a consumer from a stolen phone. If a smartphone is stolen, the thief could theoretically wave the phone over a card reader at a store to make a purchase. To avoid this, smartphone owners should be diligent about keeping tight security on their phones. If the owner sets a password or other type of lock that appears when the smartphone screen is turned on, a thief may not be able to figure out the password and thus cannot access sensitive information on the phone.
While it may seem like NFC would open up a world of new security risks, it may actually be safer than a credit card. If a user loses her credit card, a criminal can read the card and find out the owner’s information. If that same person loses her smartphone and has it password protected, the criminal cannot access any private info. Through data encryption and secure channels, NFC technology can help consumers make purchases quickly while keeping their information safe at the same time.