Near field communication (NFC) technology, vulnerabilities and principal attack schema
The Near Field Communication (NFC) is a set of standards for mobile devices designed to establish radio communication with each other by being touched together or brought within a short distance. The NFC standard regulates a radio technology that allows two devices to communicate when they are in close proximity, usually no more than a few centimeters, allowing the secure exchange of information.
NFC standards are based on different communications protocols and data exchange formats, and include also existing radio-frequency identification (RFID) standards such as the ISO/IEC 14443 specific for identification cards, proximity cards and contactless integrated circuit cards. The coverage of various ISO standards ensures for NFC technology the global interoperability that makes the technology usable in different areas.
Figure 1 - NFC standards
From a technological perspective, NFC is also an extension of the ECMA and ETSI standards, which describe the integration of a smart card with a terminal device. NFC devices allow writing and reading of information at a high speed (424 Kbit/s) when they are placed in close proximity, creating a wireless connection, which is also compatible with widely used technologies such as Wi-Fi and Bluetooth.
The NFC technology could be very effective in various areas. The main applications that can benefit from its introduction are:
- Payment via mobile devices such as smartphone and tablets.
- Electronic identity.
- Electronic ticketing for transportation.
- Integration of credit cards in mobile devices.
- Data transfer between any types of devices such as digital cameras, mobile phones, media players.
- P2P (peer to peer) connection between wireless devices for data transfer.
- Loyalty and couponing/targeted marketing/location-based services
- Device pairing
- Healthcare/patient monitoring
- Access control/security patrols/inventory control (tags and readers)
Figure 2 - NFC Application Fields
The possibility of integrating all of the above functionalities in a unique mobile solution makes NFC very attractive to the telecommunication industry; most of the project is focused on the use of a single device that integrates multiple features, improving the user's experience in various environments. On the user end, NFC represents a true revolution; a mobile could be used to send micropayments or as an access management device for dynamic identification. NFC devices can also exchange data with existing card readers and ISO 14443 compliant units, such as other NFC mobiles. This high level of integration is a point of strength of NFC technology, making interaction with existing RFID infrastructures possible.
The short distance between the communicating terminals makes it more secure, making data "sniffing" really difficult.
When NFC technology is mentioned, there is an immediate reference to mobile communication and the possibility of extending the usage of mobile devices as payment terminals. Major firms such as Nokia and Google are developing a lot of projects using NFC; it must be considered that the technology could be adopted in various areas, such as health care. NFC devices can operate mainly in three modes:
- As card emulators, providing an alternative storage for information memorized in a plastic card.
- In peer-to-peer mode, allowing a connection to be made using a different communications protocol such as Bluetooth or WiFi.
- In card/tag reading and writing mode, where an NFC device can read or change information stored in an RFID tag or contactless card.
Many U.S. corporations are planning to provide NFC devices and solutions. The list is very long and includes device manufacturers such as Google and Apple, financial services such as MasterCard and Visa, and also mobile operators, such as AT&T and Verizon. Big enterprises are driving the growth of NFC demand and the markets are investing in the technologies, attracting a multitude of minor firms that provide development for a huge quantity of innovative services.
The killer application for the future is the one that will make it possible for multiple card issuers and payment processors to share space on an NFC handset opening the technology to a scenario rich in applications.
We are facing one of the biggest business opportunities of our times. Several international researchers have confirmed it with extraordinary figures; according to the Deloitte firm:
- In 2013, there may be as many as 300 million NFC smartphones and other mobile devices.
- 1 in 6 users worldwide will have an NFC-enabled phone by 2014.
- NFC-based mobile transactions are expected to reach nearly $50 billion worldwide by 2014.
- 500 million people around the world will use their mobile devices as travel tickets on metros, subways and buses by 2015; NFC will drive this growth.
The year of the consecration of NFC technology will be 2015, when over 50% of smartphones will have NFC capability (Gartner Research), NFC technology will be the most-used solution for mobile payment; and NFC will enable worldwide transactions totaling about $151.7 billion (Frost & Sullivan); global mobile transactions are predicted to grow to more than $1 trillion by 2015 (Yankee Group). It's clear that business related to the standards will grow to major dimensions.
The expected increase in the supply of NFC solutions has a collateral effect: Hackers and cyber-criminals are focusing their attention on the technology, a growing number of 0-day vulnerabilities will be found, and new exploit kits will be offered in the black market. A flaw in the standard could affect several sectors with serious consequences.
NFC security principles – The tag
Security is an essential aspect of the success of NFC technology. The high interoperability of the popular collection of standards must be integrated with appropriate mechanisms to protect data.
Implementation of security mechanisms to a tag requires analysis of costs versus benefits. There are various solutions that imply different economic and computational costs, therefore it is crucial to understand exactly what information has to be protected and which are the main threats.
Newer tags have security functionality built into the chip but are not a part of the NFC tag specification; the principal objectives to pursue for data protection are:
The principal threats are an attacker's ability to intercept the data and to manipulate it without detection. In both cases, the above principles are violated.
The confidentiality is achievable through the use of encryption algorithms, while authenticity and integrity are obtainable through the adoption of signature processes.
To meet authenticity and integrity requirements for the tags, developers could refer to the NFC Forum Signature NDEF structure, as detailed in the document "NFC Forum Signature Record Type Definition Technical Specification version 1.0."
The technical specification "Specifies the format used when signing single or multiple NDEF records. Defines the required and optional signature RTD fields, and also provides a list of suitable signature algorithms and certificate types that can be used to create the signature. Does not define or mandate a specific PKI or certification system, or define a new algorithm for use with the Signature RTD. Specification of the certificate verification and revocation process is out of scope."
Another possibility is to define a proprietary signature method and associate the signature with a data record.
To employ authenticity/integrity requirements, the tag developer needs to encrypt the payload using standard encryption algorithms, such as TDES, AES, or RSA.
NFC attack methods
Although the communication range of NFC is limited to a few centimeters, the standard does not ensure secure communications, and various types of attacks are already known in the literature. The current ISO standard doesn't actually address countermeasures against NFC attack methods; for example, the technology is attackable with one of the classic offensive schemes, the man-in-the-middle attack, and no protection is offered against eavesdropping, leaving exchanged data vulnerable to modification.
The principal methods of attack against NFC technologies are:
In an eavesdropping scenario, the attacker uses an antenna to record communication between NFC devices. Despite the fact that NFC communication occurs between devices in close proximity, this type of attack is feasible. Interception of an NFC exchange doesn't always translate into theft of information. In some cases, the attack is meant to corrupt the information being exchanged, making it useless. The principal method to prevent eavesdropping is using a secure channel that has to be established between the NFC devices, usually implementing encryption methods; meanwhile, the proximity of the communication units is another deterrent for attack realization, but it does not eliminate the risks.
Figure 3 - NFC attack scenario
In this attack scenario, the data being exchanged is captured and modified by an attacker's radio frequency device. The attacker's device is able to inhibit the NFC data exchange briefly, but long enough to alter the binary coding. This type of attack is very difficult to implement, but the data modification is realizable in rare cases, especially for active mode transmission of NFC information. The most common way to interfere with the NFC data exchange is to use an RFID jammer. Data modification could be detected by introducing code in the NFC source device that measures the strength of frequencies, thus choosing the one that is truly the closest and most likely valid. Checking the RF field during transmission allows the sender to detect this type of attack. Another possibility is to modify the data in such a way that it appears to be valid to the receiver; the attacker has to deal with the single bits of the RF signal. The feasibility of this attack depends on various factors, such as the strength of the amplitude modulation. As described in the paper "Security in Near Field Communication (NFC) - Strengths and Weaknesses" by Ernst Haselsteiner and Klemens Breitfuß, when data is transferred with modified Miller coding and a modulation of 100%, only certain bits can be modified, while transmitting Manchester-encoded data with a modulation ratio of 10% permits a modification attack on all the bits.
A relay attack exploits the ISO/IEC14443 protocol compliance of NFC; the attacker has to forward the request of the reader to the victim and relay back its answer to the reader in real time in order to carry out a task by pretending to be the owner of the victim's smart card.
This attack technique focuses on the extension of the range between the NFC token (e.g., a card) and the reader. To implement it, two NFC-enabled devices are necessary, one acting as a reader and one acting as a card emulator. The victim access system will not be able to detect the attack because it will think a card is actually in front of it.
In the attack scenario the attacker holds the NFC reader near the victim's card and relays the data over another communication channel to a second NFC reader placed in proximity to the original reader that will emulate the victim's card.
Figure 4 - Relay attack scheme
The attack is constrained by a timing issue: Because of the physical distance between the two NFC devices, the packets that are relayed will take longer to be transferred to the destination.
RFID technology has some constraints on the time range between a challenge and response, named frame waiting time (FWT); exceeding this limit will cause the failure of the attack. Principal countermeasures to prevent relay attacks are:
- Faraday cages—This is the simplest measure. It consists in shielding the card at the user's side with a box that is called a Faraday cage.
- Signing of the data would result in more security, but determining factors are the computational power of the cards used and the ability to verify the signer in a reasonable time.
- Adoption of distance bounding protocols in the RFID system, so that the reader knows whether the card is presented inside the electromagnetic field or a relay attack is being performed.
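The timing constraint described above can be turned into a reader-side check. The following is an added example, not code from the original article: it computes the frame waiting time from the ISO/IEC 14443-4 formula FWT = (256 × 16 / fc) × 2^FWI and flags round trips that stay inside the FWT but are far slower than a card held at the reader. The baseline, the `margin` factor and the sample timings are constructed assumptions, and this coarse check is not a full distance-bounding protocol.

```python
from statistics import median

FC_HZ = 13.56e6  # carrier frequency used by ISO/IEC 14443 and NFC


def fwt_seconds(fwi):
    """Frame waiting time for a card-advertised FWI (0..14), ISO/IEC 14443-4."""
    if not 0 <= fwi <= 14:
        raise ValueError("FWI must be in 0..14")
    return (256 * 16 / FC_HZ) * 2 ** fwi


def classify(rtt_s, fwi, baseline_s, margin=3.0):
    """Label one command/response round trip measured by the reader."""
    if rtt_s > fwt_seconds(fwi):
        return "timeout"          # protocol limit exceeded: the exchange fails
    if rtt_s > baseline_s * margin:
        return "suspect-relay"    # inside FWT, but far slower than a local card
    return "ok"


# Constructed sample timings in seconds (assumptions, not data from the article).
DIRECT_RTTS = [0.0021, 0.0023, 0.0020]  # card held directly at the reader
RELAYED_RTT = 0.045                     # same command forwarded over a network


def demo():
    """Classify a direct and a relayed round trip under two FWI settings."""
    baseline = median(DIRECT_RTTS)
    return {
        "direct, FWI=8": classify(0.0022, 8, baseline),
        "relayed, FWI=4": classify(RELAYED_RTT, 4, baseline),
        "relayed, FWI=8": classify(RELAYED_RTT, 8, baseline),
    }


if __name__ == "__main__":
    print(f"FWT at FWI=4:  {fwt_seconds(4) * 1e3:.2f} ms")
    print(f"FWT at FWI=14: {fwt_seconds(14):.2f} s")
    print(demo())
```

Because the card chooses the FWI it advertises, the protocol timeout alone can be as loose as several seconds, which is why the check compares against a locally measured baseline as well.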
Case study – Google Wallet relay attack
Roland used the following components for the attack:
- A reader device, called a mole or leech, located in close proximity to the card under attack.
- A card emulator device, called the proxy or ghost, used to communicate with the actual reader
- A fast communication channel between these two devices.
During the attack the mole is brought in proximity to the card under attack; meanwhile, the card emulator is located in proximity of a reader device (POS terminal, access control reader, etc.)
Every command that the card emulator receives from the actual reader is forwarded to the mole that forwards the command to the victim card and the card's response is sent back by the mole to the actual reader through the card emulator.
Figure 5 - Attack Scenario
The limit on a relay attack is the necessity for an attacker to stay in physical proximity (less than one meter) to the device under attack. Recent research demonstrated the possibility of substituting the mole hardware with a software application installed on the victim's device.
A new possible attack scenario based on software has the following components:
- A mobile phone (under control of its owner/legitimate user).
- Relay software (under control of the attacker).
- A card emulator (under control of the attacker).
- A reader device (e.g., at a point-of-sale terminal or at an access control gate).
Researcher Michael Roland designed Trojan relay software that is able to receive payment commands OTA through a relay server and use the credentials from Google's embedded secure element for a live payment transaction. In recent versions of Google Wallet (till June 2012), it was possible to communicate with the credit card applets in the secure element through the wired interface without asking the user for his PIN.
On the POS side, a touchatag reader is used to simulate a tag (this could also be done with a BlackBerry or an Android running CyanogenMod 9.1). The transaction is relayed over a wireless network (WiFi/GSM/UMTS). Although the round-trip times are longer, the EMV terminal does not recognize the delay, as EMV does not define timing constraints on the terminal for transaction processing.
After Michael presented the POC, Google quickly responded by providing fixes in more recent versions of Google Wallet.
Figure 6 - Proof of concept Video
A data corruption attack is essentially a form of the denial of service (DoS) attack, in which an attacker interferes with data transmission, disturbing or blocking data flow such that the receiver is not able to decipher the information. The attacker does not need to access the transmitted data, he just needs to transmit radio signals to reduce the signals to random noises destroying the information content of the communication.
A common countermeasure implemented in NFC devices is the check for RF signal during data transmission; because the power to corrupt data is bigger than the power used sending the data, the sending device is able to detect the attack and stop the data transmission automatically.
"Data corruption can be achieved by transmitting valid frequencies of the data spectrum at a correct time. The correct time can be calculated if the attacker has a good understanding of the used modulation scheme and coding."
In a spoofing attack, a third party pretends to be another entity to induce a user to tap its device against the tag. This is possible if an attacker has compromised an NFC tag (e.g., a smart poster) with a malicious tag that could force a user to execute malicious code, aided by the fact that some mobile devices are configured to execute commands received from NFC tags automatically.
The principal countermeasure against this type of attack is to properly configure the device to prompt a message before executing commands through NFC (e.g., opening a URL).
Man in the middle attack
Although the NFC standard requires the devices to be in proximity during the data transfer, it is theoretically susceptible to MITM attacks. An attacker can intercept the information, possibly manipulate it, and relay it to the receiving device. Another factor that makes the implementation of MITM attacks difficult is the use of encryption mechanisms such as AES for secure communication.
Figure 7 - MITM attack scenario
Is it really possible to conduct a MITM attack against NFC? Let's look at the following cases:
- Assume that Alice uses active mode and Bob is in passive mode. Alice generates the RF field and sends data to Bob. An attacker (Eve) in proximity to Alice could eavesdrop on the information and at the same time has to block transmission to Bob. A possible problem for the attacker is the fact that Alice could detect the disturbance and stop transmission. Assume that Alice does not detect the disturbance; Eve needs to send data to Bob, but this is a problem because the RF field generated by Alice is still present, so two RF fields are active at the same time. Because it is impossible to perfectly align the two RF fields, Bob cannot interpret data sent by Eve.
- Assume that both Alice and Bob use active mode. Alice sends some data to Bob. Eve can capture the data and disturb the transmission to prevent Bob from receiving the data. Once again, Alice could detect the disturbance done by Eve and stop the protocol. Assuming that Alice does not detect the field, Eve would need to send data to Bob. The problem also is that Alice is listening as she is expecting an answer from Bob, but instead she will receive the data sent by Eve and is able to detect a problem in the protocol and stop the communication. For Eve, it is not possible to send data either to Alice or Bob and to make sure that this data is not received by Bob or Alice, respectively.
Both scenarios are therefore not feasible.
NFC protocol stack fuzzing
Assuming that the attacker is in proximity to a legitimate NFC payment terminal or uses some kind of antenna to do it, an attacker could exploit ordinary operations such as paying for a drink, a metro ticket, or a cab.
Another category of attacks against NFC is based on techniques for fuzzing the NFC protocol stack analyzing the software that is built on top of the NFC stack for victims' devices. An attacker can force some mobile devices to parse images, videos, contacts, office documents, and even any other content without user interaction.
In specific cases, the attacker can completely take control of the phone via NFC, including stealing data on a mobile (e.g., photos and documents), even making phone calls or sending text messages.
Android NFC Stack Bug
Popular hacker Charlie Miller published an interesting proof of concept on NFC attacks titled "Exploring the NFC Attack Surface," in which the researcher demonstrated how to exploit NFC stack bugs shown earlier in Android to get control of the NFC Service. An attacker can steal data over the Internet without permission by exploiting the NFC Service, which does have the BLUETOOTH and BLUETOOTH_ADMIN permissions.
For the test, Miller used a Nokia N9 with NFC enabled. This mobile doesn't have "Confirm sharing and connecting" enabled, so if an attacker presents it with a Bluetooth pairing message, it will automatically pair with the device in the message without user confirmation, even if Bluetooth is disabled.
An example of such an NDEF message is
 d4 0c 27 6e 6f 6b 69 61 2e 63 6f 6d 3a 62 74 01 ..'nokia.com:bt.
 00 1d 4f 92 90 e2 20 04 18 31 32 33 34 00 00 00 ..O... ..1234...
 00 00 00 00 00 00 00 00 00 0c 54 65 73 74 20 6d ..........Test m
 61 63 62 6f 6f 6b acbook
"In this message, a PIN is given as "1234", a Bluetooth address, and a name of the device are also provided. Once paired, it is possible to use tools such as obexfs, gsmsendsms, or xgnokii to perform actions with the device. Basically, if a user just enables NFC and makes no other changes to the device, it can be completely controlled by an attacker if the attacker can get it read an NFC tag." Miller wrote in the paper.
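The message quoted above can be decoded to see exactly what a handset is being asked to act on, which is the information a confirmation prompt or a tag-scanning check needs. This is an added example, not code from Miller's paper or the original article: the NDEF record header parsing follows the NFC Forum record layout, while the field offsets in `decode_pairing` are an assumption inferred from the dump and the description in the quote, and `PROMPT_REQUIRED` is a hypothetical policy list.

```python
import struct

# Bytes copied from the hex dump quoted above (Miller's pairing message).
NDEF_HEX = """
d4 0c 27 6e 6f 6b 69 61 2e 63 6f 6d 3a 62 74 01
00 1d 4f 92 90 e2 20 04 18 31 32 33 34 00 00 00
00 00 00 00 00 00 00 00 00 0c 54 65 73 74 20 6d
61 63 62 6f 6f 6b
"""
MESSAGE = bytes.fromhex("".join(NDEF_HEX.split()))

# Hypothetical policy list: (TNF, type) pairs that start a connection and
# must therefore never be acted on without asking the user first.
PROMPT_REQUIRED = {(4, b"nokia.com:bt")}


def parse_ndef(data):
    """Split an NDEF message into records, rejecting truncated input."""
    records, pos = [], 0

    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError(f"NDEF record truncated at offset {pos}")
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    while pos < len(data):
        flags, type_len = take(2)
        # SR flag (0x10): 1-byte payload length, otherwise 4 bytes big-endian.
        if flags & 0x10:
            payload_len = take(1)[0]
        else:
            payload_len = struct.unpack(">I", take(4))[0]
        id_len = take(1)[0] if flags & 0x08 else 0  # IL flag: ID field present
        records.append({
            "tnf": flags & 0x07,  # 4 = NFC Forum external type
            "type": take(type_len),
            "id": take(id_len),
            "payload": take(payload_len),
        })
        if flags & 0x40:  # ME flag: last record of the message
            break
    return records


def decode_pairing(payload):
    """Decode the pairing payload; offsets are inferred from the dump above."""
    if len(payload) < 27:
        raise ValueError("pairing payload too short")
    name_len = payload[26]
    name = payload[27:27 + name_len]
    if len(name) != name_len:
        raise ValueError("device name truncated")
    return {
        "address": ":".join(f"{b:02x}" for b in payload[1:7]),
        "pin": payload[10:26].rstrip(b"\x00").decode("ascii", "replace"),
        "name": name.decode("utf-8", "replace"),
    }


def requires_prompt(record):
    """True when policy says the user must confirm before the record is used."""
    return (record["tnf"], record["type"]) in PROMPT_REQUIRED


if __name__ == "__main__":
    for rec in parse_ndef(MESSAGE):
        print(rec["tnf"], rec["type"], len(rec["payload"]), requires_prompt(rec))
        print(decode_pairing(rec["payload"]))
```

The three bytes between the address and the PIN are not described on the page and are left undecoded.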
Critical vulnerabilities in mobile software could allow the access to information stored on the mobile.
"The code responsible for parsing NFC transmissions begins in kernel drivers, proceeds through services meant to handle NFC data, and eventually ends at applications which act on that data."
According to many experts, near field technology will have a meaningful impact on the usability of mobile devices in various contexts; on one hand, it will facilitate a user's experience by making it possible to access infinite services with a single device, but as a side effect it also has a potentially dramatic impact on users' privacy.
Personal information, credit cards, and sensitive data that are stored on NFC devices will become targets for hackers and cyber-criminals. Fortunately, the telecommunications industry is aware of the incoming cyber-threats and is sustaining the definition/adoption of security recommendations that will follow a mobile device during the entire life cycle, from design to disposal. Developing NFC technology, researchers need to account for the trade-off of some aspects such as cost, usability, and level of security, for the reasons explained.
NFC technology will become omnipresent in our lives; many devices around us will implement the standards, from the mobile phone to the access management system of our office. Payments, access, sites visited: all of this information can be acquired by monitoring an NFC device that is associated with our identity.
Anyway, we must consider that NFC usage could be extended to several sectors, from private business to the military. For this reason, security and privacy are the most concerning issues. Several studies indicate that most consumers do not understand the current risks and are not diligent about the security of their mobile devices.
"The risks to personal privacy must be addressed," say the authors of Near Field Communications; Privacy, Regulation & Business Models. "This is not only to protect against surveillance, but it is essential to ensure that there is confidence in the marketplaces that may yet emerge with widespread use of NFC."
There is no doubt that NFC will be a revolution in various sectors, offering the possibility of having an "all in one" device integrable in a simple and practical way in every architectural solution.
Let's close the article with the declaration of Debbie Arnold, director of the NFC Forum, that demonstrates the high interest in the security of NFC solutions:
"The NFC Forum recognizes that NFC security is of utmost importance and supports an active, dedicated Security Working Group to address security issues and opportunities. Our role is to develop interface specifications to enable the use of NFC in a wide range of applications, rather than to define the requirements (including security) of the applications that use the NFC interface."
"All of these activities and mechanisms work hand-in-hand. NFC solution providers may add security measures to their applications as they see fit, including both required and optional user actions to enable or disable functions."