Because NFC technology is used for payments, door locks, patient care and other applications with direct access to personal data or assets, there are concerns about how secure NFC really is.
As discussed in the previous post about NFC Device Architecture and Secure Element, NFC technology has a built-in Secure Element that allows secure communication between devices, using hardware and/or software to protect transactions. In addition, several security techniques are implemented to prevent unauthorized parties and devices from accessing, hijacking and misusing the data. Let’s review NFC security in more detail.
What kind of attacks are we talking about?
During Passive Eavesdropping the attacker listens in on NFC transactions and gathers private information. The attacker does not need to capture all of the data: piecing together enough fragments can be sufficient to profit at the victim’s expense.
Phishing or impersonation attacks
The attacker places an NFC tag over, or instead of, a legitimate tag. When scanned by an NFC phone, it diverts the app or browser to a phishing website that looks like the legitimate one and records all information you enter for later misuse. Alternatively, it may automatically download and install malware. Once the phone is infected, it can establish a connection to an attacker’s server and report the device’s location, transfer data from the device, record audio or video, or access the keychain with passwords.
Data Manipulation and Corruption occurs when the attacker alters the data being sent to a reader, either to render the commands useless so that the transaction does not go through at all, or so that a different transaction goes through than the one the victim intended. Some NFC devices can detect corrupted information and stop the transaction.
A Man-in-the-Middle attack is similar to the data corruption attack: the attacker sits between two NFC devices and receives and alters the information sent between them.
Theft of the physical device is the most obvious type of attack. A stolen phone could be waved in front of a reader (even when turned off) and used to make a purchase. Ensuring that the NFC payment feature works only when the phone is on and the passcode has been entered would help eliminate this issue.
As with any technology, there are many ways to penetrate and misuse NFC. However, there have been great efforts to secure it, because it has great potential for widespread use given how many people now carry smartphones.
One of the methods implemented is the Digital Signature (defined in the NFC Forum Signature RTD 2.0). The Digital Signature is part of the NDEF message, which also includes a Certificate Chain and a Root Certificate. Basically, each NFC device has a private and a public key. Upon a “tap”, NFC device A reads the NDEF record of NFC device B, which is signed with B’s private key, verifies the signature on the NDEF record using the public key of NFC device B stored in the certificate chain, and also verifies the certificate chain against a trusted third-party NFC Root Certificate. As long as the mobile device has the NFC root certificate, the signature can be verified off-line. Once all verification is complete, the action is performed. Public keys can be signed by a third party (a Certificate Authority) to create a certificate. The advantage of this method is that the whole chain of trust is visible during verification. The question is whether hackers can also obtain a digital certificate. The answer is that they can, but doing so would mean they could be tracked and their certificate revoked. On the NFC Forum blog, you can find a great explanation of how this works in practice.
Another option is the Trusted Tag. This is a method developed by HID (a major HF and NFC tag manufacturer); it is fully compliant with NFC Forum Tag Type 4 and works with any NFC Forum compatible device without requiring a special app. The Trusted Tag is unclonable and carries a cryptographic code that is regenerated on every “tap”. A regular tag would carry a URL that leads to a website or web service after the tap, and this URL can be easily replicated. The Trusted Tag, however, generates a new unique URL with a cryptographic code every time it is tapped, which is validated by the web server. If the URL was replicated (for instance written to and read from a second tag, or entered manually), it would not work a second time. Therefore, if the URL is not accessed via a validated physical tap, the transaction can be denied by the server or simply logged for later analysis.
In general, it is quite difficult to eavesdrop on or manipulate NFC data without the victim noticing, due to the very short range of NFC communication. In addition, payment systems are tied to credit cards that already have security features in place, and as long as the issuer is notified of the theft or misuse, the victim is not held responsible.
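A generic server-side model of the one-time-URL check, added here as an example; HID’s actual scheme is proprietary and this is not it, nor is it code from the original post. It assumes a per-tag secret shared with the server and a tap counter, bound into the URL with HMAC-SHA256; the names TagState, TapURL and Validate and the example.invalid URLs are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"strconv"
)

// TagState: per-tag secret provisioned at manufacture, plus highest counter accepted.
type TagState struct {
	Key     []byte
	LastCtr uint64
}

func tapMAC(key []byte, uid string, ctr uint64) string {
	m := hmac.New(sha256.New, key) // binds tag ID and tap counter to the tag's secret
	fmt.Fprintf(m, "%s|%d", uid, ctr)
	return hex.EncodeToString(m.Sum(nil))
}

// TapURL is what the tag emits on each tap: same base URL, fresh counter and MAC.
func TapURL(base, uid string, key []byte, ctr uint64) string {
	return fmt.Sprintf("%s?uid=%s&ctr=%d&mac=%s", base, url.QueryEscape(uid), ctr, tapMAC(key, uid, ctr))
}

// Validate (server side): the MAC must verify AND the counter must exceed the last
// accepted one, so a copied or hand-typed URL is rejected even with a genuine MAC.
func Validate(tags map[string]*TagState, raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	q := u.Query()
	st, ok := tags[q.Get("uid")]
	if !ok {
		return fmt.Errorf("unknown tag %q", q.Get("uid"))
	}
	ctr, err := strconv.ParseUint(q.Get("ctr"), 10, 64)
	if err != nil || !hmac.Equal([]byte(tapMAC(st.Key, q.Get("uid"), ctr)), []byte(q.Get("mac"))) {
		return fmt.Errorf("forged or altered URL")
	}
	if ctr <= st.LastCtr {
		return fmt.Errorf("replayed URL: counter %d already used", ctr)
	}
	st.LastCtr = ctr
	return nil
}
```

A rejected URL is exactly the event the post suggests logging for later analysis: the error distinguishes a forged URL (bad MAC) from a replayed one (stale counter).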
Are you worried about using NFC for payment? Why? Why not? Let us know!