In the last five years, Near Field Communication (NFC) technology has arguably been a very important addition for businesses. In addition to its simplicity, NFC is very versatile and can be used for a wide range of purposes.
One of the most popular application of the Near Field Communication Technology is processing payments. Once a business has the right equipment in place, customers with NFC-enabled devices such as smartphones and cards can easily pay for goods and services. During checkout, the customer holds their phone or card close to the reader, and the transaction is processed automatically. This eliminates any delays and enables businesses to process more payments in a given amount of time.
Other than processing payments, NFC is also used for access cards and tracking products between manufacturing and transportation. This is why the sector has been growing exponentially in the last few years.
NFC is able to support such applications as it allows easy transfer of data between NFC devices that are close to each other. To process payments, financial data must be transferred, which is very sensitive. With the ever-increasing cases of cyberattacks, one has to wonder; how secure is NFC?
In this article, you will learn about the security aspect of Near Field Communication.
Why Is Data Security Important?
Digitization has brought numerous benefits that make companies more efficient and reduce the cost of operations. However, it has also come with the biggest challenges organizations face today : cybercrime.
In order to serve customers well, organizations need to collect and store data. This includes financial, contact, and medical information, as well as their addresses. In the wrong hands, this information can be used to compromise them. Due to the increasing number of such instances, regulators are putting stringent data security and privacy laws in place.
As such, any breach of customer information can be accompanied by high non-compliance fines as well as lawsuits from your customers. Therefore, before adopting any technology that will interact with sensitive data, it is important to consider the security aspect.
Moreover, data security is highly important for any business. Would you still buy transport tickets if they were easily faked ? Companies take security measures simply because it is absolutely necessary for their business to work.
Near Field Communication and Security
In essence, NFC is a simple technology used to connect two devices. Each device must have an NFC chip that will be used to establish a connection and facilitate the transfer of data with other NFC-enabled devices.
However, this does not necessarily make it susceptible to attacks or breaches. On the contrary, its core features make it safer than alternatives. Some of the regular threats to consider include:
Eavesdropping is one of the main security concerns that people have with Near Field Communication. It occurs when a third party intercepts signals between two devices sharing data. In theory, if a customer uses their e-wallet to pay, and the signals are intercepted, the third party will access the customer’s financial information.
However, the chances of NFC data being compromised through eavesdropping are quite low. The solution lies in the simplicity of the technology. For NFC devices to share data, they must be very close to each other. Usually, this distance is 1 inch. Therefore, for a hacker to get any chance to intercept the signal, they must also be very close to the customer.
It is still possible for individuals with malicious intent to get close to NFC-enabled devices in places like the subway. They will still be unable to eavesdrop and access data. This is because NFC signals are only transmitted when the device is activated for a transaction.
Even if the communication could be intercepted, it would be impossible to exploit the captured exchanges because they are encrypted.
Phishing is a form of cybercrime used to steal user data such as credit card numbers and login credentials. The attacker reaches out to the user as a trusted entity to get them to click a malicious link with which malware can be installed or system frozen for the case of ransomware attacks.
To compromise NFC in such a way, hackers have to swap NFC tags with theirs or have it placed above. When users scan their phones, the app will be directed to a phishing website that looks genuine. Malware will be automatically installed, or all the information entered in the phishing website is recorded.
Once a phone is compromised, the hacker can establish a connection with it via their server. They will then be able to gain sensitive information such as device location, record videos and audio, transfer data on the device, and access the keychain with passwords.
However, such a threat is still highly unlikely. Suppose a hacker can replace an NFC reader in an institution without being spotted. It will not be too long before it is noticed as there will be delays in processing payments.
Passive NFC tags are only a memory associated with an antenna, with possibly a processor to manage communication and cryptography. Tags can be secured by encrypting data, checking their integrity and preventing the tag from being ripped off.
- Data encryption: data can be stored encrypted in the tag memory, and the reader is responsible for decrypting it with the application. The data can also be encrypted “on the fly” by the tag, in the case of exchange with different types of applications. In this case, the tag must have a cryptographic processor, which is more expensive.
- Data integrity: in order to verify that the data has not been modified or that the tag has not been replaced by a fake, there are integrity verification schemes based on a secure signature (e.g. NFC Forum RTD signature) and/or an integrity check using a web service.
- Anti-tearing: to prevent their removal, the tags can be sealed in the material (non-conductive of course) of the tagged object, and may include self-destruction devices in case of physical removal, called “anti-tearing”.
Data manipulation occurs when an attacker interferes with data being sent to a reader. This is done to either make commands ineffective or to prompt a different transaction than what the user intends. Another similar type of attack is called ‘man in the middle attack.’ This is where the hacker acts as a middle man between two devices, altering the signals being sent.
Features such as proximity make these types of attacks highly unlikely. Moreover, NFC devices are being equipped with the ability to detect corrupt information and stop such transactions.
The most likely threat that users face regarding NFC is having their phones stolen and being used to make purchases. Fortunately, this can be easily addressed by setting the NFC feature to work only when the phone is on, and the passcode has been entered.
Enabling password lock on your mobile device prevents the access to NFC if your device is stolen.
How Secure IS NFC?
As with all other technologies, Near Field Communication has its vulnerabilities. However, its design to function only when devices are close to each other makes it very secure. There are also additional security measures, such as the use of digital signatures for authentication.
For businesses, NFC offers convenience and increases efficiency.