Near Field Communications (NFC) and security.

[Clarence]

Anyone care to discuss what they know about NFC and whether they think it could be a potential security hole when it comes to personal information theft?

Also, anyone ever heard of or used Cimbal as an alternative?

Dorian said the Japanese are using NFC extensively. Reading this makes me think that NFC would not present a risk.

[Ads]

Android.net is the premier Android Forum on the internet.

[Clarence]

Yawn. :rolleyes:

*crickets*

OK, well, this concludes our symposium on NFC.

[marvin_attdroids]

deleted by author

[Clarence]

Uh, you want ME to do research? :eek:

That's funny, Marvin. (iGoogle)

Well, I did do a little before I posed the question and ran across an article that was extremely biased against NFC. I was really fishing for someones take on the subject that has real time experience. Guess I should have said so from the start. Ah well, I'm sure there will be plenty of discussion one way or the other when NFC does come to U.S. cell phones.

Bye the bye, Marvin, do you have an opinion on NFC?

Yes
No
Who gives a hoot

[marvin_attdroids]

deleted by author

[Dorian]

I think that NFC does need more robust security in some areas, but the times that I've used it in Tokyo, it's amazingly simple. I was in Tokyo for all of May 2010, so I bought a phone from DoCoMo with NFC and had it setup to use my international Visa. I could use it to buy drinks from vending machines by just holding the phone up to the pad on the front of the machine and entering my PIN, and it was the same for MANY places I went. It still requires you to enter a PIN to actually release the funds to the vendor. It's definitely unique, and IMO, VERY VERY convenient.

NFC 2.0 incorporates more into the standard, including more security and more connected bandwidth between the NFC chip and the payment terminal.

That's my $.02

[Clarence]

Excellent. Thanks Dorian. The reason I ask about security is because of a Television program I saw where a thief with a handheld scanner, if in close proximity, was stealing credit card numbers from NFC capable credit cards. I've also seen web sites that sell protective sleeves for credit cards and passports that are supposed to prevent this type of theft. Is sensitive information stored on an NFC capable phone? Do you know if the new 2.0 standard addresses this issue?

Great stuff, Dorian. Thanks again.

[Dorian]

Excellent. Thanks Dorian. The reason I ask about security is because of a Television program I saw where a thief with a handheld scanner, if in close proximity, was stealing credit card numbers from NFC capable credit cards. I've also seen web sites that sell protective sleeves for credit cards and passports that are supposed to prevent this type of theft. Is sensitive information stored on an NFC capable phone? Do you know if the new 2.0 standard addresses this issue?

Great stuff, Dorian. Thanks again.

The NFC chips in use today with Smartphones are a little bit more range specific, like to the tune of about an inch maximum. So to steal any information from them currently, you have to be VERY close... but it is possible to get the CC number though. The thing the thief won't be able to access though is your PIN. Unlike paying with a CC, you will always have to enter a PIN, like a Debit card. The other major plus to NFC is that since it's a part of an internet connected device, CC numbers can be changed on the fly for security. So the number the thief steals may not even be active 5 minutes later.

Another cool thing I forgot to mention is that similar to Google's Places Placards they're handing out to businesses ATM... In Tokyo I was able to make a reservation at a restaurant on my phone, then when I got there I touched my phone to the NFC panel by the door and I was automatically put in the book as on time and waiting on a table without having to wait in line to speak to anyone. It was simple and straightforward.

There are SOO many cool possibilities avaliable with NFC that's it unreal. And I'm excited that Google is a major backer. Visa is slated to be quite interested in partnering with Google to bring mobile payment to the US, so it's gonna get good here soon!

[Clarence]

Thanks again, Dorian, for some very useful information. I know %100 more about NFC than I did 3 days ago. That you have real world experience is an added bonus. Thanks for sharing your stories.

[Piekup]

The NFC chips in use today with Smartphones are a little bit more range specific, like to the tune of about an inch maximum. So to steal any information from them currently, you have to be VERY close... but it is possible to get the CC number though. The thing the thief won't be able to access though is your PIN. Unlike paying with a CC, you will always have to enter a PIN, like a Debit card. The other major plus to NFC is that since it's a part of an internet connected device, CC numbers can be changed on the fly for security. So the number the thief steals may not even be active 5 minutes later.

Another cool thing I forgot to mention is that similar to Google's Places Placards they're handing out to businesses ATM... In Tokyo I was able to make a reservation at a restaurant on my phone, then when I got there I touched my phone to the NFC panel by the door and I was automatically put in the book as on time and waiting on a table without having to wait in line to speak to anyone. It was simple and straightforward.

There are SOO many cool possibilities avaliable with NFC that's it unreal. And I'm excited that Google is a major backer. Visa is slated to be quite interested in partnering with Google to bring mobile payment to the US, so it's gonna get good here soon!

Looking for info on this, I found this thread. I have recently seen TV ads stating that metal cases can protect NFC-enabled cards from being snooped. Is this really possible from any significant distance (one foot or more), e.g. in the case that people walking through crowds or through doors could have their NFC-enabled devices attacked (either cards or phones)? My sense is that this (selling NFC security devices) is a scam which is likely to gain traction, but I'd like to know for sure anyway. Any links to reliable security analyses would be very appreciated.