Our mobile devices are used for communication, entertainment, and now for near-field applications. In this video, you’ll learn about near field communication and how this may change our perspective on mobile security.
<< Previous Video: Wireless Packet AnalysisNext: Wireless Replay and WEP Attacks >>
A relatively new networking technology that’s important to everybody who needs to protect their information is something called near field communication, or NFC. This builds on the legacy RFID technologies, whereas RFID was one way communication, NFC is a two way communication. And usually it’s between a mobile phone or mobile device and some other third party device that you’re communicating with. As the name implies, there doesn’t even have to be a physical connection, you just need to get near the other device so that those two devices can then transfer information between them.
You see this being rolled out today with something from Google wallet and MasterCard, they’re trying different ways of enabling these payment systems where you simply wave your phone at a payment system like this and it will transfer the proper amounts to that. You could also see this in use when you’re starting up something like a Bluetooth connection and NFC could start or bootstrap that process to make the Bluetooth pairing work much easier than it’s been in the past. We could also use this to gain access to a room through a lock. We all have our phones with us, instead of carrying around an access card or a smart card, we can simply wave our phone at a door lock and gain access into the room that way.
From a security perspective there are a number of concerns dealing with the NFC technologies. First off this is a wireless network communication. So it is possible to capture that communication and then be able to do something with the information that was gathered. Although it’s a very close communication that’s required to complete this NFC, when you’re in the right place with the right type of antenna, it could be as far as 10 meters away and still be able to see or hear the information that was transferred during that transaction. Another security concern is relating to denial of service.
If this is something that can gain access into a room, we could then send a frequency to jam the NFC communication. And although you were right there next to the door and you had your phone and it was very close, you still would not be able to gain access into those resources. Just like any other network, you also have the concern of a man in the middle attack. So the man in the middle could be relaying information between what may look like a legitimate NFC end point and the actual NFC device. Or it could be a capture of information and then a replay of that information into that wireless NFC network.
And of course, if we lose our phone and no longer have access to it, somebody may be able to gain access to our lost phone and then use that to gain access to a door or to pay for items using that NFC technology. So although in NFC does provide us with some ease of use when we’re performing financial transactions or gaining access to resources, we still have to be aware of some of these security concern surrounding the technology.