NFC Hacks are Wack
Just about anything digital can be hacked. All it takes is a savvy geek with a criminal streak. As you wade into the waters of NFC's capabilities, you'll want to be aware of the risks you're taking lest you wind up drowning in newfangled digital dangers.
One risk rests with smart tags. For example, a tag embedded in a promotional movie poster ostensibly directs you to a film trailer. But hackers can corrupt or reprogram tags for their own purposes by breaking the tag's encryption and then loading their malicious code in the memory. So instead of seeing a trailer, your phone surreptitiously sends personal information to an unknown device via text message or other communication service.
Privacy concerns are also valid. When you buy groceries at a store and want to use your NFC phone to claim your loyalty points, the store's system clearly has to identify you, likely making a record of when and what you purchased, for the purpose of targeting you later with ads designed for your preferences. Yet there are no guarantees that some stores won't find a way to sell your information to third-party businesses, which might pay a steep price for that kind of juicy data.
To keep your data safe, you can take a few precautions. Don't tap any tags that aren't somehow physically protected, perhaps behind glass or plastic; those that swing freely in public places are much more likely to be tampered with.
When you do tap a tag, carefully watch your phone to see what actions the tag prompts. Often, there are suspicious, tell-tale prompts that appear (much like aggravating pop-up browser screens on your computer) serving as warnings that something is awry.
Don't bump phones to exchange information with people you aren't sure you can trust. A smart hacker with a big smile can potentially use this opportunity to transfer spyware to your phone.
You'll be relying primarily on software developers to add layers of password protection and encryption to their products and applications. But to stay ahead of the game and make yourself a much harder target, you'll want to stay up to date on potential security issues, on sites such as NFC News and NFC World.
NFC has a lot of promise in terms of simplifying and unifying all sorts of technologies, from payments to network connection setups. But like all evolving digital magic, personal protection is paramount, so educating yourself on security alerts could save you a lot of NFC heartache.
More Great Links
- Cavoukian, Ann. "Mobile Near Field Communications (NFC) 'Tap 'n Go' Keep it Secure and Private." IPC.on.ca. (Feb. 6, 2012) http://www.ipc.on.ca/images/Resources/mobile-nfc.pdf
- Dolphie, Gordon. Director of Marketing at Intel. Personal Interview. Jan. 27, 2012. (Feb. 6, 2012)
- Emligh, Jacqueline. "Smartphones are Turning into Wireless Wallets." Brighthand.com. Mar. 6, 2011. (Feb. 6, 2012) http://www.brighthand.com/default.asp?newsID=17577&p=3
- European Network and Information Security Agency. "Top Ten Smartphone Risks." Enisa.europa.eu. (Feb. 6, 2012) http://www.enisa.europa.eu/act/application-security/smartphone-security-1/top-ten-risks
- Lishoy, Francis, et al. "Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones." Eprint.iacr.org. 2011. (Feb. 6, 2012) http://eprint.iacr.org/2011/618.pdf
- Meyn, Hauke. Senior Principal System Architect at NXP. Personal interview. Jan. 25, 2012.
- Molen, Brad. "Engadget Primed: What is NFC and Why do We Care?" Engadget.com. Jun. 10, 2011. (Feb. 6, 2012) http://www.engadget.com/2011/06/10/engadget-primed-what-is-nfc-and-why-do-we-care/
- Mulliner, Collin. "Attacking NFC Mobile Phones." Mulliner.org. May 2008. (Feb. 6, 2012) http://mulliner.org/nfc/feed/collin_mulliner_eusecwest08_attacking_nfc_phones.pdf
- Planck, Seth. "Viaforensics Finds Google Wallet Security Vulnerability with a Rooted Android Phone." NFCrumors.com. Dec. 14, 2011. (Feb. 6, 2012) http://www.nfcrumors.com/tag/man-in-the-middle-attack/