Thursday, August 9, 2012

Near Field Communication (NFC) Attack


The NFC Forum's N-Mark logo for NFC-enabled devices
Most attacks to user systems (laptops or mobiles) are usually a result of some user action like opening an email attachment, surfing to malicious websites, downloading malicious files or accepting bluetooth messages. But now a user can be attacked WITHOUT DOING ANYTHING. This is with the help of the new technology "Near Field Communication" (NFC) that an attacker can use to instruct someone's mobile device to open the web browser and go to an attacker specified web link. Unlike other attacks where the attacker may be sitting miles away or even a few meters away in case of bluetooth, here in the case of NFC the attacking device has to be in very close proximity (a few centimeters) probably touching each other.

If you are hearing about NFC for the first time, it is a new standard for radio communication between mobile devices touching each other or being at a very close proximity. It is available today in many handsets from major vendors like Nokia, Blackberry, Samsung, Motorola, LG etc. NFC can be used to make payments by swiping mobile device at stores, buying train / bus tickets or just sharing information with friends by bumping phones.

A well known security researcher Charlie Miller has figured out a way to break into some devices like Google/Samsung Nexus S and Nokia N9 by means of NFC, this was demonstrated at a recent Black Hat Conference. According to NFC Forum there is no inherent flaw with NFC, however implementation issues need to be addressed as attackers can exploit operating systems and applications that implement NFC like the Android Beam and Nokia's content sharing and Bluetooth pairing.

We need to wait and watch for more security vulnerabilities related to this new technology.


For more reading on this topic:
http://www.networkworld.com/news/2012/072612-researcher-wows-black-hat-with-261162.html
http://www.informationweek.com/byte/news/personal-tech/wireless/240004386
http://www.nfcworld.com/2012/08/01/317100/forum-responds-to-black-hat-presentation-on-nfc-vulnerabilities/

1 comment:

Unknown said...

very nice and very most information RFID4U