The Unseen Messenger: NFC
The connectivity trivia goes all the way from the pigeons to Wi-Fi, and presently, the Near Field Communication.
Before moving on to the issues of NFC, let us delve into
What is Near Field Communication?
The cashless transactions enabled using Samsung Pay, Apple Pay, and the Paytm NFC card, the ticket token counters at the entrances of railway stations, and the simple phone to phone transfer of files, draw the ubiquitous nature of NFC. In layman’s words, it’s the way chips speak to one another, with the lowest latency, and in proximity. The Mechanism, or NFC, is based on Electromagnetic Induction (all thanks to Faraday) called Inductive Coupling. There are two devices used. Each device is enabled with the NFC chip, which is similar to the RFID tags present. They modulate the electromagnetic field of the loop antennas to connect with each other. There are two types of communication modes-
- In the passive mode, the initiator device produces the RF field, and the target device modulates it. The target device is not powered on its own, unlike the initiator. It derives its power from the modulated field.
- In the active mode, both the devices are powered to produce their own RF fields.
The transfer of information is followed by certain protocols- commonly called the NFC protocol. The details provide the frequency of operation to be 13.56 MHz. Moving on to the security credentials, and plausibility of these- manufacturers have guaranteed, a near attack free mode of communication. For example, the Samsung Pay technically has multiple unique levels of encryption and security keys to ensure that the credit and debit cards are qualified from the vulnerability. The fundamental reason given is the minute range of communication- ranging from 10cm to 15cm. As a result, it becomes difficult to tap the information.
Alas, there are security issues.
The BANE of giving as much power to a chip:
1. When the air you breathe is the same as the air the hacker also does
One of the reasoning given by the theorists is that- the NFC is an extremely short range of communication- 15–20 cm. The antenna is extremely sensitive and directional. Hence, the hacker needs to be uncomfortably close, or a close acquaintance to procure the credentials. However, hackers have found themselves in the frenzy of snatching information, despite the satisfying range. The antenna used is a loop antenna. The pattern of the loop antenna is not directional. As a result, the rays can propagate, over a range more than intended, and can effectively be “caught in the air”.
The range that hackers are claiming is nearly 5m away from the phone. The eavesdropper is technically placed at the same location as the person who is transacting. That sounds even more threatening. Data can also be manipulated by a middleman before sending it to the receiver.
My Take for the solution: Looking at the abundance of the NFC tags, though the cash transactions, seem the one everyone is worried the most about, it is better to use a shield, at the place of transaction. This isolator/shield can effectively confine the rays from the antenna to the receiver- like a wall. The stray rays themselves will be attenuated.
2. The insecure Wi-Fi:
The Wi-Fi gives a wide ocean for hacking and tutorials present on the internet provide a good source for hacking into the phone and getting the information from it. This encompasses the NFC. Thus the phones which use NFC need to have a better-suited Wi-Fi source, which they can connect to. Open networks pose the greatest threat. Moreover, the NFC devices also can connect directly to the Wi-Fi networks without the need for authentication. As a result, if the hacker sets up the Wi-Fi, he can lurk in the corner and lure into the phone.
3. The lack of authenticity to the connection
Unlike Bluetooth, which requires a secure password for connection with the devices, the NFC does not require any form of authority to connect with another phone. When the NFC turns on, it checks around for other NFC enabled devices in its vicinity to set up the connection. As a result, if the NFC has connected with a virulent phone, there is a potential chance of addition and deletion of information from the user’s phone. Again all the hacker has to do is, make sure he is close to the person’s mobile. Once he has established connection, the coffers have been opened effortlessly to the thief.
One of the solutions could be to switch to the NFC, when not in use.
4. Tags here, tags there, tags everywhere
Every direction you turn is emblazoned with numerous NFC tags, increasing the skepticism by the cynics. The NFC tags themselves could be tampered with, giving the hackers an easy road towards the phone. Hence, it is always better to not tap the phone across the unauthorized tags, which can easily upload malware, to the phone. If the phones are in active mode, hidden tags can intentionally be used to add maleficent data into the phones.
5. The case of a cashless transaction
Though there is some level of encryption provided by the pay apps nowadays, there is always some kind of leak somewhere. When there is data transfer, the information is being used by the receiver. If the devices are in active mode, the hacker can potentially pick the bank details from the receiver itself. Moreover, the receiver may prompt the user with new pop-ups and recommendations that may require forwarding the sensitive information. Background apps can also have access to the same. It is better to clear the RAM and close the apps, before switching on NFC. Sometimes data is tunneled through them.
Other forms of sordidness include interception, theft of the mobile phone.
It is often better to be wary rather than repent after the disaster. Updating apps often can improve encryption security. It is advised to enable passwords ( like face recognition) and general security to phones, which can avoid the snatchers from opening the phone (this is also may seem trivial). Usage of apps that are perfectly authorized, is recommended. There is an inbuilt security encryption block as a part of the NFC communication architecture. A kind request to the manufacturers- please try to enhance its quality and capability. Authentication looks like a better option, with the tags also having secure connection abilities.
Though NFC is seen as the latest trend, it is high time we put on our thinking caps, to decide its veracity for ourselves. Potential threat and privacy issues keep cropping up now and then. So users, operate it with conviction and discretion.
This article was first published in the Electronics Media here
#IndiaStudents #StudentVoices
Originally published at https://www.linkedin.com.
