How can an NFC communication be protected from hacking?

Is an NFC communication really safe?

In a previous article, we explained that NFC technology is, in theory, the best-suited channel for communicating the authentication key required by a private network.

It is widely accepted that this technology protects us from hacking thanks to its short communication range. After all, NFC works at a distance of less than 10 cm, so anyone coming between you and your card would be noticed!

Different types of attacks

However, over the past ten years, a great deal of university research has shown that it is possible to listen to a 13.56 MHz NFC or RFID communication at a distance of up to 30 to 40 m. This type of attack is called 'eavesdropping', and it makes the idea that communication over this technology is confidential an illusion.

To communicate safely without fear of being tracked, cryptography must be used to encrypt data exchanges. To learn more about this topic, click here.

Another kind of attack is simpler to carry out thanks to Android smartphones supporting NFC and HCE (host card emulation) modes: it is called a 'relay attack'.

In this case, two hackers take advantage of crowds and public spaces. The first can go unnoticed right beside you. His smartphone is close enough to communicate in NFC mode with the card in your pocket. The second hacker then holds his own smartphone in front of your company's badge reader or in front of an NFC payment device. Thanks to software acting as a relay between the two smartphones, and thanks to the speed of Wi-Fi or 4G networks, the reader is misled and identifies the hacker's smartphone as your card. A door is opened or a payment is made while you are on the other side of town or even on the other side of the world... To learn more about this concept, read this.

Control the risk thanks to SpringCard's experts

These two kinds of attack are very simple to carry out, and show that near field communication can't be wholly secure in itself. In the same way that an IT system is secured by measures in the upper layers of the stack (HTTPS, SSH…) and not by measures on the copper wire, an NFC system is secured at the application level.
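
What "secured at the application level" means against an eavesdropper can be shown with a small simulation. This is an added example, not SpringCard code and not the DESFire or MIFARE Plus protocol: the `Card`, `Reader` and `static_id_accepts` names, the HMAC-SHA256 challenge-response and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Card:
    """Simulated card: the shared key never crosses the radio link."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Reader:
    """Reader that issues a fresh, single-use challenge per transaction."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        challenge, self._pending = self._pending, None  # consume the challenge
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def static_id_accepts(presented: bytes, enrolled: bytes) -> bool:
    """Weak scheme: the badge is accepted on a fixed identifier sent in clear."""
    return hmac.compare_digest(presented, enrolled)

def demo() -> dict:
    key = secrets.token_bytes(32)          # constructed sample key
    badge_id = bytes.fromhex("04a1b2c3")   # constructed sample identifier
    card, reader = Card(key), Reader(key)
    # Transaction 1 is genuine; a passive listener records everything on air.
    challenge = reader.new_challenge()
    response = card.respond(challenge)
    recorded = {"id": badge_id, "challenge": challenge, "response": response}
    genuine = reader.verify(response)
    # Later, the recorded values are presented again without the card.
    reader.new_challenge()
    return {
        "genuine_accepted": genuine,
        "static_id_replay_accepted": static_id_accepts(recorded["id"], badge_id),
        "challenge_response_replay_accepted": reader.verify(recorded["response"]),
    }
```

The fresh challenge makes recorded traffic useless to the listener, but it does not by itself stop a relay, which forwards the live challenge to the genuine card.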

SpringCard's experts keep an active watch on research and master security models by making use of secure smart cards such as DESFire and MIFARE Plus cards.

So don't hesitate to call us to make sure that your security is seamless and guaranteed!