How secure is NFC in 2024?،
Recently, we heard about a hack that could allow one person to unlock 3 million hotel room doors in 161 countries around the world using an Android phone. The door locks, which are susceptible to hacking, are locked using RFID, a radio wave technology.
However, RFID and NFC have many things in common. The revealed hack makes us question NFC, present on almost all modern phones. Is it secure? Let's explore.
NFC and RFID: differences
In the hack we mentioned earlier, the hacker was able to take advantage of the RFID (Radio Frequency Identification) system used to lock and unlock a hotel room. RFID is essentially a technology that uses radio waves to relay identifying information from an electronic tag in an object to an electronic reader.
On the other hand, NFC, or near field communication, is a technology that is more or less an evolved version of RFID. It allows activated devices to share data with each other. It is currently used in contactless payments via telephone, for example.
NFC makes paying with your phone possible, simple and fast
Without going too much into the sophisticated physical details of how they work, here is the fundamental difference between the two technologies. First of all, RFID works over longer distances (up to 100 meters), while for NFC you need to be close to the other device (a few centimeters or up to 4 inches).
Additionally, RFID offers one-way communication: you need one device for a reader and another device for a tag, while the NFC method is two-way: one device can be both a reader and a tag . Additionally, RFID tags can be read quickly in batches, while a single NFC tag can be scanned at the same time.
The advantages of NFC
NFC has become an integral part of our lives. It is mainly used to make payment with a mobile wallet possible. Technically, with an NFC-enabled phone (which most modern phones are) you can pay using the phone rather than your card or cash. This eliminates the need to carry all your bank cards with you everywhere. Additionally, NFC is used for information and data sharing, in-store check-ins, and even scanning a QR code on documents to get additional product information.
Here are the advantages of NFC:
- Easy to use and convenient: pay with your smartphone quickly and easily, without the need to carry a physical wallet
- Efficiency: faster payment transactions mean less time wasted queuing at a supermarket, for example
- Security
Let’s address the last point a little more. Since NFC only works at close range, this eliminates the possibility of a hacker across town (or in the next building, or even across the room) eavesdropping on information exchanged between NFC compatible devices. .
This means the hacker has to be standing right next to you and your NFC-enabled device (we're talking less than 4 inches away) to be able to spy. Well, technically they're confronting you, so it's hard to call it “eavesdropping.”
In addition to this, NFC offers protections such as tokenization of private and personally identifiable data (replacing sensitive information with an anonymous number called a token).
NFC becomes even more secure with your phone's biometric and other protections
Plus, NFC becomes even more secure by protecting your phone. As you know, phones come with biometric and password protections for added security.
In fact, believe it or not, NFC payments are more secure than your traditional card payment. The card can be stolen and is protected by a simple 4-digit PIN. If the thief knows your PIN, he can go on a shopping spree (provided you have the money!). However, if your NFC phone is stolen, it is more difficult for the thief to access it and therefore more difficult to make purchases with money they did not earn. Additionally, any unusual activity with a payment app could trigger your card's security measures to intervene (and the payment may be blocked until you are authenticated).
Disadvantages of NFC: what are the possible weak points of NFC?
Like everywhere in the world, NFC has weaknesses. Here are the possible hacks that can be done with NFC.
A hacker could access an NFC payment terminal and reprogram it to send or request data it shouldn't. Good security of the NFC device and the network makes this risk very low.
As I already mentioned, the hacker must be close (very close) to the NFC device. This makes it very difficult (well, maybe impossible) for the hacker to get that close without anyone noticing. Even if they obtain data, it is very likely to be encrypted and therefore of little use to them.
It's almost the same as eavesdropping, but in this case, someone with an NFC device approaches your phone and triggers a transaction. However, the same problem arises here as with eavesdropping: the required proximity of the hacker to you. If this happens in the street for example, the hacker would need to know where the phone is (is it in your bag, your jacket?…)
A hacker could potentially clone an NFC key. This requires the hacker to have temporary access to a security key to clone it.
This is valid for all available technologies. Essentially, social engineering is manipulation: making you do something you wouldn't otherwise do. In the case of NFC, this may involve bringing your NFC device closer to an NFC scanner to cause an NFC interaction. This one is also low risk, since the hacker will have to communicate with you, thereby exposing themselves somewhat.
So, should you turn off NFC?
The short answer: no, not really. As you can see, attacks using NFC are generally difficult to deploy and are associated with a high level of risk for the malicious user. So overall, NFC is as secure as… well, things can be. It's always possible that you could be hit by lightning, but it's unlikely, right?
The only advice I can give you if you have doubts about NFC is this: always be aware of your surroundings when using it and avoid using it if your location seems blurry.
Here is an example to be wary of. There is a fairly common scam in which malicious users stick RFID stickers on commonly used places (like restaurant tables, hotel nightstands, charging stations). These stickers cause NFC interaction, and if you don't pay attention and approve it, you risk getting an unwanted download or data transfer.
So if you see a random NFC prompt when you placed your phone somewhere, stop NFC and look around. If you find an innocent-looking sticker, be sure to report it (to the authorities or people in the restaurant).
But apart from that: rest assured. NFC is an advanced technology compared to RFID and therefore much more secure than its predecessor.