• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • NFC, business opportunities, security and privacy issues

NFC, business opportunities, security and privacy issues

Pierluigi Paganini May 09, 2012

The NFC technology

Near field communication (NFC) is a set of standards for Smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity. The standard describes a radio technology that allows two devices to communicate at a short distance, no more than a few centimeters, allowing the exchange of information quickly and safely.

From the user-end, NFC represents a true revolution, the possibility to provide in a unique device a mobile wallet, a credit and debit cards, a tag for dynamic identification, an instrument to share information. For this reason NFC technology is really desirable for different business and marketing models.  The NFC solutions have the ambitious task to be the link across diverse fields from health care to telecommunication.

The NFC technology is widely used in many areas and the main applications that can benefit from its introduction are:

  • Payment via mobile devices such as Smartphone and tablets.
  • Electronic Identity.
  • Electronic ticketing for use in transportation.
  • Integration of credit cards in mobile devices
  • Data transfer between any kind of devices such as digital cameras, mobile phones, media players.
  • P2P (peer-to-peer) connection between wireless devices for data transfer.
  • Loyalty and Couponing/Targeted Marketing/Location-Based Services
  • Device Pairing
  • Healthcare/Patient Monitoring
  • Gaming
  • Access Control/Security Patrols/Inventory Control (tags and readers)

NFC standards cover communications protocols and data exchange formats, and are based on existing radio-frequency identification (RFID) standards, including ISO/IEC 14443 related to Identification cards, contactless integrated circuit cards  and proximity cards.


From a technological perspective NFC is an extension also of the standards ECMA and ETSI, and describe the integration of a smart card with a terminal device.

All NFC devices allow writing and reading of information at a high speed (424Kbis / s) once two devices, approaching less than few centimeters away, creating a wireless connection, which is also compatible with the already known WI-Fi and Bluetooth. The short distances between terminals of communications make it more secure, making really difficult data “sniffing”.

An NFC device can communicate with existing card readers and ISO 14443 as with other NFC devices, these features make it compatible with existing RFID infrastructures.

When we speak about NFC today, we immediately refer mobile communication and the possibility to extend the usage of mobile devices as payment terminal. Major firms such as Nokia and Google are developing a lot of projects related to this scenario anyway, we must consider that NFC could be adopted in various areas, healthcare for example. NFC devices can operate in three modes mainly:

  1. as card emulators, providing an alternative storage for information memorized  in a plastic card.
  2. in peer-to-peer mode, where a couple of devices exchange and.
  3. as card/tag reading and writing mode  where an NFC device read or change information stored in an RFID tag or contactless card.

Many US corporations have or are planning to provide NFC devices or solutions, including device manufacturers such as Google and Apple, financial services as MasterCard and Visa, Citigroup and also mobile operators such as AT&T and Verizon, big  companies that drive the business and the markets are massive investments in the technologies attracting a multitude of minor firms that provide development for the incoming standard.

The killer application for the future is the one that will make possible for multiple card issuers and payment processors to share space on an NFC handset opening the technology to a scenario rich of applications.

We are in front of one of the business opportunity of our times, several international researchers have confirmed it by providing extraordinary figures, according Deloitte firm in fact:

  • Within in 2013 there may be as many as 300 million NFC Smartphones and other mobile devices
  • 1 in 6 users worldwide will have an NFC-enabled phone by 2014
  • NFC-based mobile transactions are expected to reach nearly $50 billion worldwide by 2014
  • 500 million people around the world will use their mobile devices as travel tickets on metros,
  • subways and buses by 2015; NFC will drive this growth

The 2015 will be the year of the consecration of NFC technology, over 50% of Smartphones will have the NFC capability (Gartner Research), NFC technology will be the most-used solution for mobile payment and NFC will enable worldwide transactions totaling about $151.7 billion (Frost & Sullivan), global mobile transactions predicted to grow to more than $1 Trillion by 2015 (Yankee Group), it’s clear the dimension of the business related to the standards.

The expected success of the NFC introduction in several sectors will attract the interest of worldwide, hackers and cyber criminals, let’s remind that the born of a new technology is a unrepeatable opportunity to exploit 0-day vulnerabilities, in the specific case an attack to the standards could impact several sectors with serious consequences.

Although the communication range of NFC is limited to a few centimeters, the standard does not ensure secure communications and several types of attacks are already known in literature. The current ISO standard doesn’t address these attack methods, for example the NFC despite suffers Man In The Middle attacks, no protection is offered against eavesdropping making exchanged data vulnerable to data modifications.  Following a short list of the main attacks know of NFC technologies:

  1. Data modification
  2. Eavesdropping
  3. Relay attack
  4. Data Corruption
  5. DDoS Attack
  6. Man In The Middle attack

Near field technology will have also a potentially dramatic impact user’s privacy, as with credit cards, sensitive data are stored on NFC devices that will become targets for cyber criminals. The good news is the security level provided by a device like a Smartphone could be better than the one provided by a smartcard.

NFC technology will become omnipresent in our lives, many devices surround us will implement the standards from the mobile phone to the access management system of our office. Payments, accesses, visited places, all this information can be acquired monitoring an NFC device associated with our identity.

Anyway, we must consider that NFC usage could be extended to several sectors, from private business to the military, for this reason security and privacy are most concerning issues. Several studies indicate that most consumers do not understand current risks and are not diligent about the security of their mobile devices.

“The risks to personal privacy must be addressed,” say the authors of “Near Field Communications; Privacy, Regulation & Business Models”. “This is not only to protect against surveillance, but it is essential to ensure that there is confidence in the marketplaces that may yet emerge with widespread use of NFC.”

There is no doubt that the NFC will be a revolution in different sectors offering the possibility of having an “all in one” device integrable in a simple and practical way in every architectural solution.

Marketing experts foresee a sustained growth, which they must comply, in my opinion, the implementation of security mechanisms and appropriate laws and regulations that take into full account the privacy of users.

Pierluigi Paganini


facebook linkedin twitter

0-day vulnerabilities cyber criminals DDoS identity mobile communication NFC privacy security

you might also like

Pierluigi Paganini July 26, 2025
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Read more
Pierluigi Paganini July 25, 2025
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

    Security / July 25, 2025

    Koske, a new AI-Generated Linux malware appears in the threat landscape

    Malware / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT