NFC - Near Field Communication

[Jay]

OK, so the change isn't as drastic as you may think, but it really actually is important as it will change how you use your phone/tablet/other devices in the hopefully near future and wow that I got your attention lovely forumites, the reason I have got your attention is so that I can explain what I've been up to recently and what I most humbly would like is for you all to sign a petition for me.

Since I got my new phone which is NFC (Near Field Communication) capable I've been reading up on it a lot and bought a bunch of NFC tags to program for varying tasks and mucking about with.

The main problem I've found is that to do the cool stuff with NFC you need an app on your phone which knows what the f@ck the code on the tag is telling it. NFC can do mundane tasks like contain the vCard details (useful for business people), giving someone a URL (eg a link to the forum, or specific section or topic). They can also contain a bunch of plain text - boring - and SMS... which have a limited use imo all standard and not very exciting. Now if the NFC forum set out a new set of standards which allowed us to enable/disable wifi/bluetooth/GPS etc would make it more interesting. You can do these sort of things, but you need an app that can understand what to do with the instructions on the NFC chip, what I want to see is the NFC implementation change to include these basic tasks to make NFC better all round.

So what I ask is that you sign the petition below and if you are really interested you can read my blog on this subject:

and please do sign the petition here:
http://www.change.org/petitions/nfc-forum-update-the-standards-and-include-more-functionality#

[Jay]

Oops 

http://vimeo.com/49664045

[Adam]

Secure then

[Jay]

Exactly why I won't be using it for payments. Ever. Same as I'll never use my mobile for baking. Ever. but for other things it is secure and really handy - those transportation companies clearly didn't use the built in security of NFC to prevent being ripped off and only 2 companies throughout the US of A, found so far, is pretty good going. It's also a fairly quick fix for them.

[Adam]

Exactly why I won't be using it for payments. Ever. Same as I'll never use my mobile for baking. Ever. but for other things it is secure and really handy - those transportation companies clearly didn't use the built in security of NFC to prevent being ripped off and only 2 companies throughout the US of A, found so far, is pretty good going. It's also a fairly quick fix for them.

Would a key encryption like PSK work? I suppose it could be intercepted in a MiTMA 

[Jay]

You can write anything to the tags and write-lock them so nothing can be written to them again, so a PSK / certificate application could work and be secure as 1024bit+ encryption can be. A MiTM attack would be hard to pull off as the tags have to be pretty much be in contact with the rear of the phone.

I've tested putting a blank tag on the back of my phone then tapping a tag with data against the back of the phone, against the blank tag and other areas of the phone, and nothing significant happens at most the NFC tag recognition sound is played when 1 tag is slid over the other but the tag isn't read, with the basic tests I'd say it would take some doing to pull off a real MiTM. The most likely thing to happen is the terminal gets hacked in the factory, which is why I won't trust mobile payments, no matter how much Google, Barclays, Lloyds and Visa push it.

One thing I'd be interested in finding out is if NFC radio memory can be cloned to the last used tag/card without knowing whose it was/what it contained.