NFC
NFC Reader
NFC Tools
https://arxiv.org/pdf/1705.02081.pdf
Lack of security protection of communication. Most NFC communications do not include encryption mechanisms during its data exchange, it relies on the short range (i.e., less than 4 cm) to guarantee absence of eavesdropping attacks. However, the attacker can still place the device (i.e., NFC tag or NFC reader/writer) between client and NFC provider (i.e., NFC contactless point-of-sale) to trigger a specific attack such as eavesdrop, URL/URI spoofing. This vulnerability can also be exploited to jam the data exchange between two parties by sending out specific packet at the right timing, which can lead to a deny-of-service (DoS) attack toward the NFC- service provider.
URL/URI spoofing. The authors show that spoofing attacks can be performed to trick the user to see the false information as a valid one. In example, the attacker will design an exactly copy of a user’s trusted website with an almost equal URL so the user does not see the difference if she is not cautious. In addition, to uniform resource identifier (URI) and uniform/universal resource locater (URL) spoofing the research shows that phone call and text-message spoofing using the NFC protocol are also applicable. Furthermore, URI and URL spoofing are specially useful in combination with other attacks (i.e., cross-site request forgery).
Lack of authentication mechanism of NFC device. When the NFC reader reads information from another NFC-enabled device, there is not any authentication mechanisms available. Therefore, there is a potential risk of tag replacement and tag hiding (TRTH) attack. In the TRTH scenario, the NFC tags are overwritten by an attacker with malicious information or the physical tag is replace with another tag prepared by the attacker.
Automatic and non-user intervention URL/URI connection. The proposed attack takes advantage of the non-user inter- vention when the device detects another NFC device in its proximity. The malicious NFC provides an URL/URI to attack the user’s device, as the Android system does not request any user intervention, the device will automatically open the provided link by either other smartphone or NFC-tag. This situation opens security and privacy threads for the device’s owner. Once, the device opens the link, it can be attacked by fingerprinting mechanisms or share the user’s location for example (see more details in Section IV. The URI can also open application services such as contacts to automatically add malicious contacts without user permission request.
The attack can be achieved placing NFC-tags that unlocked Android devices will read in several locations: (1) public transport: in areas where the public transport uses NFC reader we can track user’s movement from one station to another, collect the user’s routine information (i.e., when the user goes to work and back home, where does he work); (2) coffee shop, poster at shopping mall : placing NFC-tags under coffee tables or in locations where users tend to leave the device unlocked, we can collect not only device’s information but also the geo-location as we know where the tag is located. For both situations, we can also collect the mentioned social network profiles or leverage more complex attacks in combination with other documented browser vulnerabilities.
