NFC: RFID enabled smartphones and mobile devices are coming
History Lesson: Who is this guy in the picture and what saying of his is most often misquoted?
Answer: …at the end of this post.
There has been a great deal of buzz about “contactless shopping” being enabled in the next generation of cell phones here in the United States. Google will be including APIs for this in Android 2.3 “Gingerbread” and rumors are it will be in the iPhone 5. The technology used is called “Near Field Communication” (NFC), which is an extension of ISO/IEC 14443 (proximity cards… like the badge you probably have to use to get into your office). On the techie side, these guys operate at 13.56 MHz and communicate via magnetic field induction, which should have a range of up to 10 or 20 centimeters… more on that later.
The main way we will probably see NFC used is to enable phones to interact with physical tags (passive) or readers (active) when your phone comes within the few-centimeter range. These passive tags could ask your phone to perform a task like launch a URL, send an SMS message, store a contact, or anything else you can communicate in a few kilobytes of data. If you tap on an active reader, it may try to use Peer-to-Peer mode and create a bidirectional communication channel. It might then try to have you interact with a custom application on your device or even ask your device to send data back. The way NFC has been implemented in previous mobile phones is that the phone’s NFC reader is always active unless the phone is in a standby or airplane type mode.
The wireless protocol itself is not encrypted, thus the communication is susceptible to eavesdropping and then replay attacks by other nearby devices. There has been discussion about how to add encryption, but this is not currently part of the standard. You can also introduce rogue tags and readers; however, there is an NFC Signature specification for NFC Data Exchange Format (NDEF) records which tries to address this issue. Unfortunately the specification does not address the public key infrastructure (PKI) behind this or the certificate verification and revocation process. You may be interested in some real world fun Collin Mulliner has had with passive tag spoofing and NFC device fuzzing.
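Since a passive tag can ask the phone to open a URL or send an SMS, and a "Sig" record cannot actually be verified without a PKI, the application layer is where the risk gets managed. The following is an added example (not code from the original post or from any NFC stack): a strict NDEF parser plus a sample app policy that never lets a tag trigger messaging or dialing on its own, asks the user before opening a web URL, and treats a signature record as unverifiable rather than as proof of trust. The record layout follows the NFC Forum NDEF format (MB/ME/CF/SR/IL flags plus a 3-bit TNF), the "U"/"T"/"Sig" type names and the URI prefix table are from the well-known record definitions, and the policy decisions, the sample tag contents and all function names are assumptions of this example.

```python
"""Added example: parse an NDEF message read from a passive NFC tag and decide
what the phone app may do with each record. The policy table is a sample app
policy, not anything the NFC specifications prescribe."""
import struct

TNF_WELL_KNOWN = 0x01

# Prefix codes from the NFC Forum URI record type definition (subset)
URI_PREFIXES = {
    0x00: "", 0x01: "http://www.", 0x02: "https://www.", 0x03: "http://",
    0x04: "https://", 0x05: "tel:", 0x06: "mailto:",
}


def parse_ndef(msg: bytes) -> list[dict]:
    """Split a raw NDEF message into records, checking every length field."""
    records, pos = [], 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(msg):
            raise ValueError("truncated NDEF message")
        chunk = msg[pos:pos + n]
        pos += n
        return chunk

    while pos < len(msg):
        hdr = take(1)[0]
        mb, me, cf = hdr & 0x80, hdr & 0x40, hdr & 0x20
        sr, il, tnf = hdr & 0x10, hdr & 0x08, hdr & 0x07
        if not records and not mb:
            raise ValueError("first record lacks MB flag")
        if cf:
            raise ValueError("chunked records not supported")
        type_len = take(1)[0]
        payload_len = take(1)[0] if sr else struct.unpack(">I", take(4))[0]
        id_len = take(1)[0] if il else 0
        records.append({"tnf": tnf, "type": take(type_len),
                        "id": take(id_len), "payload": take(payload_len)})
        if me:
            if pos != len(msg):
                raise ValueError("trailing bytes after ME record")
            return records
    raise ValueError("message did not end with an ME record")


def decode_uri(payload: bytes) -> str:
    """Expand the one-byte prefix code and return the full URI string."""
    if not payload:
        raise ValueError("empty URI record")
    return URI_PREFIXES.get(payload[0], "") + payload[1:].decode("utf-8")


def decode_text(payload: bytes) -> str:
    """Status byte: bit 7 selects UTF-16, low 6 bits give the language-code length."""
    status = payload[0]
    lang_len = status & 0x3F
    enc = "utf-16" if status & 0x80 else "utf-8"
    return payload[1 + lang_len:].decode(enc)


def triage(msg: bytes) -> list[tuple[str, str, str]]:
    """Map each record to (action, detail, decision) under the sample policy."""
    plan = []
    for r in parse_ndef(msg):
        if r["tnf"] != TNF_WELL_KNOWN:
            plan.append(("ignore", r["type"].decode("latin-1"), "deny"))
        elif r["type"] == b"U":
            uri = decode_uri(r["payload"])
            scheme = uri.split(":", 1)[0].lower()
            if scheme in ("http", "https"):
                plan.append(("open_url", uri, "prompt"))     # user must confirm
            elif scheme in ("sms", "tel", "mailto"):
                plan.append(("send_or_dial", uri, "deny"))   # never on a tap alone
            else:
                plan.append(("unknown_uri", uri, "deny"))
        elif r["type"] == b"T":
            plan.append(("display_text", decode_text(r["payload"]), "allow"))
        elif r["type"] == b"Sig":
            # Signature RTD exists, but with no PKI there is no anchor to verify against
            plan.append(("signature", "unverifiable: no trust anchor", "deny"))
        else:
            plan.append(("ignore", r["type"].decode("latin-1"), "deny"))
    return plan


def build_record(rtype: bytes, payload: bytes, first: bool, last: bool) -> bytes:
    """Encode one short (SR) well-known record; used only to construct the sample."""
    hdr = 0x10 | TNF_WELL_KNOWN | (0x80 if first else 0) | (0x40 if last else 0)
    return bytes([hdr, len(rtype), len(payload)]) + rtype + payload


# Constructed sample tag: a web link, an SMS trigger, and a text label
SAMPLE_TAG = (
    build_record(b"U", b"\x02" + b"example.com", True, False)
    + build_record(b"U", b"\x00" + b"sms:+15550100?body=hi", False, False)
    + build_record(b"T", b"\x02en" + b"Tap to pay", False, True)
)

if __name__ == "__main__":
    for action, detail, decision in triage(SAMPLE_TAG):
        print(f"{decision:6} {action:12} {detail}")
```

The parser rejects truncated and trailing data instead of silently reading past a record, which is the class of input a fuzzed or malformed tag would present; the policy layer is deliberately separate so that what a tag is allowed to trigger is an application decision rather than a side effect of parsing.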
So a large part of NFC security will be the range in which the device can be used. Immediately I wondered how much of previous RFID extended range research from people like Chris Paget would apply here. One of the key things to keep in mind is that the NFC RFID spec operates at 13.56 MHz and in a slightly different way than the 900 MHz RFID protocol. The 900 MHz type of RFID communicates information using backscatter (and from tag to reader only). The NFC spec uses induction to modulate a signal, thereby communicating data back to the host. Because the NFC circuit needs to be powered, the read range is greatly reduced. The RF power which reaches the tag drops off with approximately the square of the distance. The read range of the NFC spec is up to 10-20 cm, whereas the read range of the 900 MHz spectrum RFID tags has been pushed to hundreds of meters. However, it is possible to eavesdrop on NFC communication at a greater distance. The distance depends on several factors (including the power transmitted by the NFC reader, characteristics of the eavesdropping antenna, and material between the eavesdropper and the legitimate transaction) but is on the order of 1 meter for passive tags.
Are we going to need faraday caged cell phone holsters to stop people from pulling out our credit card data when we’re packed tightly on a subway ride? Hopefully not, but that’s going to depend on how mobile applications and operating systems are written to handle NFC.
History Answer: George Santayana and the saying: “Those who cannot remember the past are condemned to repeat it.”
- benn, higb, and mxs