Be careful with apps using NFC

Anyone developing new applications that use the new contactless debit/credit cards and Near Field Communications technologies need to be aware that the `near field’ in question is bigger than imagined, and poses a security problem

  • 11 years ago Posted in

Most people who are scammed while using a credit card are at least, however unwillingly or involuntarily, in some party to the crime by the process of using their card. But the new contactless payment cards that banks have started to dish out would seem to be a cause for a new concern.

They seem to open to attack in ways that are well beyond the control or any level of responsibility of the user, except perhaps by the simple act of having one about your person rather than locked up a Faraday Cage.

Warnings about the use of contactless payment cards and Near Field Communication (NFC) capable devices have been raised in a study published today by the Institution of Engineering & Technology’s (IET)The Journal of Engineering.

NFC technology is in use on more recent mobile phones and on contactless debit/credit cards issued by UK banks. 

A team of researchers from the University of Surrey successfully received a contactless transmission from distances of 45-80cm using inconspicuous equipment, highlighting security concerns to personal data.

The team used portable, inexpensive and easily concealable equipment including a pocket-sized cylindrical antenna, a backpack, and a shopping trolley, none of which would raise suspicion if used in a supermarket queue or in a crowded place.

Using this equipment, the team showed how reliably eavesdropping could be carried out at various distances, with good reception possible even at 45cm when the minimum magnetic field strength required by the standard is in use.

The implications for consumers are significant. “The results we found have an impact on how much we can rely on physical proximity as a 'security feature' of NFC devices", said lead academic supervisor, Dr Johann Briffa. "Designers of applications using NFC need to consider privacy because the intended short range of the channel is no defence against a determined eavesdropper.”

Eleanor Gendle, IET Managing Editor at The Journal of Engineering, said: “With banks routinely issuing contactless payment cards to customers, there is a need to raise awareness of the potential security threats. It will be interesting to see further research in this area and ascertain the implications for users of contactless technology with regards to theft, fraud and liability.”

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...