movie poster with embedded smart tag

The smart tag in this poster supposedly directs your phone to a Web site with more information about the movie. But hackers can meddle with tags, which then tell your phone to perform destructive activities.

Courtesy NXP

Time for Your NFC Physical

Security experts stress that NFC doesn't come loaded with built-in, hardware-driven security measures. NFC is just a platform for establishing communication between two devices. But NFC's short range, in a sense, serves as a safeguard against hackers. In order to grab an NFC signal from thin air (called eavesdropping), an attacker would have to accomplish a few critical things.

First, he'd have to be close enough. Many NFC applications work at such short range that you virtually have to touch a smartphone to an NFC device in order to establish the connection. So a hacker could hope to brush up against unsuspecting people on the subway and do his version of digital pickpocketing, right?

Well, the NFC functions on your phone only go into active mode when you want them to. For instance, the chip will activate when you check out at retail store using an NFC terminal. The chip isn't even working when your phone is in standby mode.

Even if a hacker was close enough to you at just the right moment, he'd still need some serious luck. NFC signals are extremely sensitive in terms of direction. So sensitive, in fact, that if you turn your phone just slightly, it won't be able to read a smart tag. For a hacker to illicitly grab your signal, he'd have to somehow maneuver a hacking device's antenna into precisely the right angle.

Hackers might have a much easier time pilfering data through other means. Thieves could use the longer range of WiFi and Bluetooth signals and hunt for those that careless people fail to protect with passwords or any kind of encryption whatsoever. Bolder criminals can simply peer over your shoulder while you type your PIN and then grab your phone on the street.

Yet the onus for security falls on every link in the chain of NFC transactions, from hardware and software makers, right down to the end user, who needs to make smart, tech-savvy choices. On the next page see how a few protections can shield your NFC activities from evildoers.