Carding 4 Carders
NFC technology has gone mainstream over the past few years. But NFC has both advantages and disadvantages. Let's take a look at some of them and find out how this technology works.
NFC (Near Field Communication, which translates to "exchange at close range") is a high-frequency wireless communication technology with a small range of no more than 10 cm (but not quite, we will return to this point later).
Principle of operation
NFC works thanks to radio frequency identification (RFID) and is based on the phenomenon of electromagnetic induction. The reader's transmitter continuously emits a sinusoidal signal at a frequency of 13.56 MHz through its antenna. The sensor also has an antenna, and when the sensor and reader are located at a distance sufficient for NFC operation, the alternating current in the reader coil generates a magnetic field. That field in turn induces a current in the second coil, the one in the sensor. The connection time between devices does not exceed 0.1 seconds.
In passive mode, the reader creates an electromagnetic field, the NFC tag modulates it and generates a response. In other words, the tag does not need to be connected to a power source or have a built-in battery, so its size can be reduced to a minimum.
In active mode, two active devices can communicate, each with its own signal source. Then they "talk" and "listen" in turn.
NFC technology allows you to exchange information at speeds of 106, 212 and 424 Kbit/s. Most commonly used is Manchester encoding with 10% modulation depth. Sometimes active devices transmit data using a modified Miller code at 106 Kbit/s.
Using NFC
Currently, there are three main areas of application for NFC.
The first and most common one is card emulation for making contactless payments. An NFC-enabled smartphone can impersonate a bank card or a subway ticket. At the same time, bank card data is stored not in the phone's memory, but on a special chip, similar to what is used in EMV standard cards. It encrypts all data, manages the authentication process, and starts payment transactions.
The second area of application of NFC is reader mode. In this mode, the smartphone acts as a scanner for NFC tags containing various additional information. Recently, NFC tags have begun to replace barcodes in Western stores. You can find them on food products in supermarkets and, by holding up an NFC-enabled device, find out the expiration date and composition of the product. NFC tags are also used to display interactive advertising information.
The third mode of NFC operation is called peer-to-peer. In this case, the two devices communicate with each other to exchange information. In this way, you can transfer contacts from one smartphone to another or settings from a Wi-Fi router to a mobile device.
But not everything is as smooth and rosy as we would like...
NFCdrip Attack
In October 2018, an employee of Checkmarx, Pedro Umbelino, demonstrated that NFC technology can be effectively used to extract small batches of data (passwords, encryption keys) from devices, and that this can also be done over relatively long distances.
In theory, NFC allows two devices to interact only when they are close together, at a distance of up to 10 cm from each other, as I wrote at the very beginning. But Umbelino developed the NFCdrip attack, which allows NFC to be exploited over long distances, and can be used to secretly extract data if Wi-Fi, Bluetooth, or GSM are disabled.
NFCdrip requires changing the NFC operating mode, and the researcher emphasizes that on the Android platform, this does not even require any special permissions, which makes the attack even easier. NFCdrip uses on-off keying, one of the simplest forms of amplitude keying, where the presence of a signal is treated as a 1 bit and its absence as a 0 bit.
In the course of his experiments, the specialist was able to demonstrate how malware on an Android device can use NFC to transmit passwords at a distance of tens of meters from another Android device connected to a simple AM receiver.
Transmission over a distance of 2.5 meters was completely error-free and ran at a speed of 10-12 bits per second. At a distance of 10 meters, errors begin to appear, but Umbelino says that they can be corrected, and at this distance data transmission is possible even through walls. The record distance for data transmission tested by the specialist was 60 meters. Moreover, this value can be further increased if an AM antenna and an SDR are used.
The expert notes that such an attack can work even when the device is in "airplane mode", and emphasizes that NFCdrip poses a threat not only to Android-based devices.
You can also watch a presentation about this issue at the Hack.lu conference.
Somehow, it is not yet clear how this technology will develop and what exactly awaits it. But I know one thing: personally, I wouldn't implant NFC chips in my body, at least not yet))
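A defender's view of the on-off keying described above, as an added example that is not part of the original post: keying at around 10 bits per second shows up as the NFC field flipping several times a second for a sustained period, which ordinary tap-to-pay use does not do. The telemetry format, package names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import deque

# Constructed sample events: (timestamp_seconds, package, nfc_field_on).
# The record layout is a hypothetical device-telemetry feed, not a real API.
SAMPLE_EVENTS = [
    # Ordinary use: two contactless payments a minute apart.
    (5.0, "com.example.wallet", True), (5.4, "com.example.wallet", False),
    (65.0, "com.example.wallet", True), (65.3, "com.example.wallet", False),
]
# Constructed keying pattern: field state set every 0.1 s (10 bit/s) for 8 s.
_t = 100.0
for _bit in [1, 0, 1, 1, 0, 0, 1, 0] * 10:
    SAMPLE_EVENTS.append((_t, "com.example.flashlight", bool(_bit)))
    _t += 0.1


def find_keying(events, window=5.0, min_transitions=20):
    """Flag packages whose NFC field flips >= min_transitions times in `window` s.

    Returns {package: (window_start_ts, last_ts, peak_transitions)}.
    Thresholds are assumed values chosen well above human tap behaviour.
    """
    last_state = {}   # package -> last reported field state
    recent = {}       # package -> timestamps of recent state flips
    hits = {}
    for ts, pkg, on in sorted(events):
        if last_state.get(pkg) == on:
            continue  # state repeated, not a flip
        last_state[pkg] = on
        q = recent.setdefault(pkg, deque())
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop flips that fell out of the sliding window
        if len(q) >= min_transitions:
            first, _, peak = hits.get(pkg, (q[0], ts, 0))
            hits[pkg] = (first, ts, max(peak, len(q)))
    return hits


if __name__ == "__main__":
    for pkg, (start, end, peak) in find_keying(SAMPLE_EVENTS).items():
        print(f"{pkg}: {peak} field flips within 5 s between t={start:.1f} and t={end:.1f}")
```

Tune `window` and `min_transitions` against a baseline of real device behaviour before alerting on them.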