With all the coolness that smartphones have to offer these days, it’s hard to imagine there’s more to come with yet-to-be added technologies. One that’s already been on scene for a few years already is just now really getting our attention. It’s called “Near Field Communication” (NFC). Many of today’s smartphones are designed with NFC chips installed, enabling apps to act as many things, most commonly allowing them to be used as debit or credit cards for point of sale transactions. Users can do things like pay for products or services by simply waving their phone or mobile device in front of a compatible scanner. NFC-enabled devices can be held up to an ATM machine or cash register and a transaction is completed. This trend is leading towards the consolidation of everything you need to carry into one device, effectively removing the need to carry a wallet or pocketbook containing your credit or debit cards, or even cash!
NFC data exchange takes place when devices are within a few inches of each another. Like Bluetooth and Wi-Fi, NFC allows wireless communication and data exchange between digital and mobile devices. NFC enables communication with other devices or hardware that contain a near field communication tag. Users initiate the sharing of information between devices by swiping within a few inches of the two devices or by literally performing a bump. “Bump” is also the name of a popular mobile app that utilizes the NFC technology: it’s developed by Bump Technologies, Inc. The Bump app lets users share pictures, files, music, and contact information. It also lets users wirelessly share information from their mobile device with their PC. Other NFC applications in Europe allow travel papers and passports to be stored and paid for using the technology. Other uses of NFC technology include NFC-activated locks, which offer a different way to secure buildings. There are also NFC applications to facilitate emergency management.
NFC lets users obtain and exchange information with amazing ease. Neither Internet connectivity nor cellular services are needed. NFC uses electromagnetic radio fields instead of radio signals used by Wi-Fi and Bluetooth communications. This growing technology establishes a secure channel and uses encryption while sending sensitive information. The design of NFC minimizes security concerns for several reasons. First, because the signals do not carry very far, a thief would have to be in very close proximity to the smartphone transmitting the data in order to intercept the signal. Plus, the devices with NFC tags rely on the power supplied by the mobile device in order to interact. Also, the channels used for sending sensitive data are secure and the data is encrypted, which is not easy to decode, and scrambles the information for a would-be thief. Finally, smartphone manufacturers are constantly improving the cryptography and authentication protocols used in NFC-enabled devices. But in spite of all of these safety features, NFC technology is not without security risks.
When a third party intercepts the signal sent between two devices and gains access to the data being transmitted it is referred to as eavesdropping. It’s possible to obtain bank and credit card numbers, personal information such as driver’s license numbers, Social Security numbers, and other personal information without the owner’s knowledge or permission. The information can be obtained if a data transmission between a smartphone and a credit card reader, or between two smartphones, is intercepted. One safeguard is to encrypt the data being transferred.
DATA DISRUPTION, MODIFICATION, MANIPULATION, OR CORRUPTION
Data can be intercepted by a “man-in-the-middle” (MITM) security attack, and then read, recorded, modified, altered, or corrupted, and sent it on to the receiving party. The hacker may not intend to steal the information but might just want to stop the accurate data from reaching the intended recipient by blocking the channel. This is often referred to as a “denial of service” attack. It’s usually difficult for these types of attacks to be successful on an NFC link because of the short distance capability of the communications. A secure communication channel is the most effective way to protect against this type of attack.
Mobile malware and viruses could have the ability to read nearby NFC tags and send data, such as credit card numbers, to the hackers. And as more people utilize digital wallets and NFC transactions, mobile malware and virus outbreaks will be on the rise to take advantage of the increased opportunities. Like bees to honey, the more users choose to store sensitive financial and banking information on their phones, the more those devices will be targeted by digital thieves — all with the ability to detect and steal that sensitive data.
Although less common, some attacks can cause the mobile device to crash or uncover vulnerabilities that enable and attacker to gain full control of the device.
Users can and should also take their own precautions to protect their personal information. One of the most overlooked, but probably the greatest source of vulnerability, occurs when smartphones or mobile devices are left unattended for short periods of time. That’s when information can be stolen from smartphones. A little more attention and care can go a long way to protecting your information. Some other suggestions include:
- Password protect your smartphone and make sure your phone screen is locked when not in use. That way, if your device is ever lost, stolen, or misplaced, your information can’t be accessed and unauthorized purchases or sharing of your information can be prevented.
- Use an additional pin or password when making any NFC transaction for increased security.
- Don’t choose to store your username or log-in ID in apps on your mobile device.
- Be careful when choosing which apps to download, depending on the operating system your device uses and its respective app store. Far more malicious applications are found in the Google Play store than the Apple iTunes AppStore, mostly because of the differences in app review and approval processes between the two (none vs. very stringent).
- Use mobile antivirus software and keep it up-to-date at all times.
- Install security apps. Some can automatically take a picture of a thief attempting to access your smartphone’s contents and either store it for you to see once the device is recovered or possibly to automatically email it to you.
- Only open links to sites that you know are safe and trustworthy.
Now that you’re aware of NFC technology and the things you can do because of it, enjoy the convenience it affords us — just beware of the potential risks and exercise a bit of caution. Mobile app developers will continue to improve NFC security through their coding, development practices, and by continuously testing the security of their apps. Meanwhile, it’s widely believed that the risks of NFC technology really aren’t any greater than those associated with typical credit card transactions. So, in that case, embrace the future and swipe and bump away.
Bump ya later!