Skip to content

What is an NFC attack? How does it work and 3 preventive measures

  • by
  • 4 min read

Most of you will have heard of NFC already, while others will have used NFC a couple of times without even realizing it. Remember that transaction you made the other day at the superstore, by tapping your smartphone to the card machine? 

Yes, that was done through NFC between your smartphone and the card machine. But how does NFC work and what is NFC attack? Should you be concerned? We’re going to give you the answers to all this and more.

NFC stands for Near Field Communication, and as the name suggests, it is a form of wireless technology that operates over short distances. The technology has been around for quite a while now and is usually found as a feature in high-end smartphones and a few mid-rangers as well.

However, unlike other wireless technologies like Bluetooth and WiFi, NFC operates over very short distances in a radius of about 4cm. For this, it requires at least two operating devices — one to transmit and another to receive the message.

The applications of NFC are extensive, and apart from making cashless payments through your wallet, NFC can also be used to send a number, pictures, documents, directions, songs and the list is endless.

Also read: What is a Teardrop attack and how to prevent it?

What is NFC Attack?

E-commerce store Volusion breached: Financial data stolenThe same way that data can be shared between devices using NFC, it can also be stolen, modified, erased or corrupted. This is known as an NFC attack, and causes a high-risk factor, as most people use NFC to perform bank transactions, and send personal information. Here are some common methods that the attackers use for NFC attacks

  • Eavesdropping: In this method, the attacker uses an antenna to record the data being communicated between both devices, even though the distance separating them is quite small. The data can not only be stolen but can also be corrupted in some cases rendering it useless.
  • Data Modification: In this method, the attacker intercepts the signal and the data is captured and modified, by the attacker’s radio frequency transmitter. The attacker’s device manages to halt the data exchange briefly and modify the binary code. 
  • Spoofing: In this scenario, a third party tries to get a user to tap its device against an NFC tag. The attacker has already interfered with the original tag (for example a poster) by using another malicious tag. This malicious tag could force the user to execute a corrupt code, aided by the fact that many devices automatically execute code connected to NFC tags.

There are still many more methods by which attackers can compromise your data through the NFC standard, but these are the most common.

Also read: Ransomware vs Malware vs Spyware

How do you protect yourself against NFC attackers?

Modern NFC technology is quite safe, as more than a billion people are using it today. However, flaws are being discovered every day, and it pays to follow a few simple steps to ensure the safe usage of NFC through your device.

NordVPN confirms that one of its datacenters was hacked

Read data usage policy of NFC enabled applications carefully 

When people use credit cards for transactions, they know that the issuing bank, card processor and credit card company will retrieve some information about their buying habits. However, when you use NFC, the parties who receive your data is vague.

In some cases, the app developer (for example Google Pay) or service provider could also have access to your data. Therefore always make sure to read the data usage policy of the application you’re using to protect your privacy.

Keep a check on NFC updates and patches

Always make sure that your phone is updated with the latest security patches. Flaws and vulnerabilities can resurface with future updates that create a new loophole, so it’s always advisable to keep your phone updated and secure against any potential threats.

Always turn off NFC when not in use

This is the simplest and most effective measure you could do. Keeping NFC turned on could make it easy for any attackers to just tap your phone and compromise your device in seconds. This will not only conserve some of your battery life but will also reduce exposure to attackers.

Also readWhat are code-signed Malware and ways to protect your device

Kelan Reay Baretto

Kelan Reay Baretto