Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 913
- Points
- 113
Scientists have calculated all the risks of technology.
Just a couple of decades ago, paying with a credit card in stores was exotic. Cash was so familiar, reliable and seemingly unshakable... But just a decade and a half brought not only credit cards into our lives, but also wireless payment. Many still cannot believe that you can simply pay for cigarettes in a provincial kiosk using your phone, but this is already a reality. But is this payment method safe? Our scientists decided to look into this.
Table of contents:
For Russia, the technology has become truly “popular” and fashionable: wireless terminals with NFC support can be found not only in large cities, but also in seemingly remote provinces.
But not everything is so simple. Where there is technological progress, there will be those who want to abuse its fruits. In the case of contactless payment, these are, of course, hackers.
These guys have become inevitable companions of progress and have added a lot of hemorrhoids to our lives: either they will steal a database of millions of clients from a large Russian company, or with the help of sophisticated viruses they will make sensitive data public domain. Sometimes it seems that hackers are capable of literally anything, and therefore the logical question arises: “Can they steal our money via NFC?”
The question is sensitive, because any of us can suffer from such pranks, which means we need to understand how real this threat is. This is where science comes to the rescue.
Russian scientists from the Moscow Technical University of Communications and Informatics conducted a study in which they not only described the current state of NFC technology, but also gave a breakdown of the risks it carries. Let's look at the underbelly of progress with them!
Information packets are exchanged at a frequency of 13.56 MHz after two devices are within a maximum distance of 10 centimeters from each other.
Depending on the characteristics, devices can operate in different modes. Let's look at them in more detail.
Based on the method of signal exchange, NFC devices can operate in:
Functionally, devices with NFC can perform three different roles:
Why did we look at all these technical nuances in such detail? Yes, because they contain a whole sea of vulnerabilities that scammers can use for their dirty deeds. Which ones worry scientists the most?
To get around this technical nuance, hackers can take several routes:
This vulnerability is relevant only when a number of factors are combined: from distance (maximum parameters of meters to effectively catch a radio signal) to the optimal communication mode of devices (active devices are easier to eavesdrop on than passive ones).
With a transfer of a couple of hundred rubles, on the contrary, just turning on the screen and NFC is enough. Using various tricks, attackers turn on the phone screen remotely and then make, for example, fifty fraudulent payments of 500 rubles each, emptying the wallet.
It is especially worth noting that attacks on NFC devices are not carried out only to steal someone's money. They can be used for the opposite purpose - to block any payments. In this case, hackers will try to damage the data transmitted during transfers so that payment terminals and mobile phones stop working.
Their data can be intercepted and then used for fraudulent transactions. The same data can be changed in order to remake the cards and devices themselves, or, in the most hardcore cases, simply break them.
The shorter the range of an NFC-based device, the safer it is, but don't rely on distance alone. Security during operations depends not only on it, but also on the overall cryptographic security of the smartphone - in other words, the device must be selected so that it encrypts the transmitted data well, otherwise problems will arise.
Improving security standards is the prerogative of cybersecurity programmers on a professional basis. But ordinary people should not forget about the risks that using NFC communication carries. A conscious approach, eliminating the use of this function for trifles will help you keep your personal data and money safe.
(c) Author: Konstantin Nazarenko
www.ferra.ru
Just a couple of decades ago, paying with a credit card in stores was exotic. Cash was so familiar, reliable and seemingly unshakable... But just a decade and a half brought not only credit cards into our lives, but also wireless payment. Many still cannot believe that you can simply pay for cigarettes in a provincial kiosk using your phone, but this is already a reality. But is this payment method safe? Our scientists decided to look into this.
Table of contents:
- What is NFC and what is it used for?
- How hackers can exploit NFC vulnerabilities
- What conclusions can be drawn from the NFC security study?
For Russia, the technology has become truly “popular” and fashionable: wireless terminals with NFC support can be found not only in large cities, but also in seemingly remote provinces.
But not everything is so simple. Where there is technological progress, there will be those who want to abuse its fruits. In the case of contactless payment, these are, of course, hackers.
These guys have become inevitable companions of progress and have added a lot of hemorrhoids to our lives: either they will steal a database of millions of clients from a large Russian company, or with the help of sophisticated viruses they will make sensitive data public domain. Sometimes it seems that hackers are capable of literally anything, and therefore the logical question arises: “Can they steal our money via NFC?”
The question is sensitive, because any of us can suffer from such pranks, which means we need to understand how real this threat is. This is where science comes to the rescue.
Russian scientists from the Moscow Technical University of Communications and Informatics conducted a study in which they not only described the current state of NFC technology, but also gave a breakdown of the risks it carries. Let's look at the underbelly of progress with them!
What is NFC and what is it used for?
NFC is a short-range communication technology. This means that it operates over very short distances - the maximum it can be measured in centimeters, and often devices that support this technology are pressed very closely against each other.Information packets are exchanged at a frequency of 13.56 MHz after two devices are within a maximum distance of 10 centimeters from each other.
Depending on the characteristics, devices can operate in different modes. Let's look at them in more detail.
Based on the method of signal exchange, NFC devices can operate in:
- Active mode - devices themselves create a radio frequency signal and are powered by their own battery
- Passive signal - the device works purely “for reception” and does not illuminate on its own
Functionally, devices with NFC can perform three different roles:
- Reader or writer - in this case, devices read all basic information from the connected device. Depending on the task, they can either save this data or write new ones to the second device.
- Peer-to-peer network devices - devices are combined into a small local network to transfer larger files.
- Card emulation device - in this case, the NFC device acts as a keeper of the digital tag in passive mode. Your mobile phones perform the same function when you use them to pay for beer in the supermarket.
Why did we look at all these technical nuances in such detail? Yes, because they contain a whole sea of vulnerabilities that scammers can use for their dirty deeds. Which ones worry scientists the most?
How hackers can exploit NFC vulnerabilities
Scientists note that, in general, payment via NFC is quite safe, because the authors of the technology have provided options for abusing its features. Thus, to ensure the confidentiality of the user’s payment data on his smartphone, only one application can directly use NFC for payments. For greater security, it is separated from the rest of the operating system so that viruses embedded in it have minimal chances of infecting the NFC module.To get around this technical nuance, hackers can take several routes:
- The first is eavesdropping. Using special equipment, an attacker can detect a radio frequency signal from an NFC device and use a copy of it for their own purposes.
This vulnerability is relevant only when a number of factors are combined: from distance (maximum parameters of meters to effectively catch a radio signal) to the optimal communication mode of devices (active devices are easier to eavesdrop on than passive ones).
- The second scheme is connected with it - “man in the middle” . Its meaning is that between the parties to the payment there can be a third person who will catch the signal himself and either change it or save it for future use.
- If hackers fail to “listen” to your mobile phone, they may try to bypass the procedure for confirming the cardholder’s identity on his device.
With a transfer of a couple of hundred rubles, on the contrary, just turning on the screen and NFC is enough. Using various tricks, attackers turn on the phone screen remotely and then make, for example, fifty fraudulent payments of 500 rubles each, emptying the wallet.
- Particularly sophisticated criminals can prepare for fraudulent schemes much in advance, implementing an attack in a pre-play format. Its purpose is to repeat the attack scenario after developing an accurate simulation . It works like this: a hacker who knows in advance the technical characteristics of the devices being attacked makes an “experimental” attack in advance on a safe “testing ground”, stores the resulting algorithms until a convenient moment, and then, at the right time, simply launches them to carry out a real attack.
It is especially worth noting that attacks on NFC devices are not carried out only to steal someone's money. They can be used for the opposite purpose - to block any payments. In this case, hackers will try to damage the data transmitted during transfers so that payment terminals and mobile phones stop working.
What conclusions can be drawn from the NFC security study?
Like any technology, NFC may carry risks for its users.Their data can be intercepted and then used for fraudulent transactions. The same data can be changed in order to remake the cards and devices themselves, or, in the most hardcore cases, simply break them.
The shorter the range of an NFC-based device, the safer it is, but don't rely on distance alone. Security during operations depends not only on it, but also on the overall cryptographic security of the smartphone - in other words, the device must be selected so that it encrypts the transmitted data well, otherwise problems will arise.
Improving security standards is the prerogative of cybersecurity programmers on a professional basis. But ordinary people should not forget about the risks that using NFC communication carries. A conscious approach, eliminating the use of this function for trifles will help you keep your personal data and money safe.
(c) Author: Konstantin Nazarenko
Как могут и как не могут взломать NFC-оплату в вашем смартфоне
Еще пару десятилетий назад оплата кредитной картой в магазинах была экзотикой. Наличка была такой привычной, надежной и вроде бы незыблемой... Но всего полтора десятка лет принесли в нашу жизнь не только кредитки, но и беспроводную оплату. Многие до сих пор не могут поверить, что заплатить за...
www.ferra.ru
