警聲
ISSUE 1000 October 2, 2013 to October 15, 2013

Information Security Tips Series
Near Field Communication becoming more popular

0 Photo

Near Field Communication (NFC) is a short-range two-way communication technology for smartphone and similar devices to establish radio communication by physically touching them together or bringing them into close proximity, normally with 10 cm. NFC involves an initiator and a target for which the initiator actively generates a Radio Frequency (RF) field that can power up a passive target. The NFC target may be a very simple object like tag, sticker, or card that are equipped with battery, or between two power-up devices to perform peer-to-peer communication. It simply puts an NFC-enabled device against another device, which will automatically recognise it and display information on screen, or writes information to the device.
 
With the characteristics of NFC, which is used in different ways such as object identification, attendance-taking, physical access, loyalty and membership, ticketing and payment not involving cash.  All can be done by using an NFC-enabled smartphone without carrying cash or extra access cards. Users just need to "touch" between devices to accept or reject the connection. The time needed to establish a communication is less than a second.
 
Apart from Octopus card, the NFC-enabled smartphone can also be used in "contactless payment" by using different card associations' application installed in the smartphone. For a user of NFC, especially for payment purposes, the security and safety of their sensitive information are very important. Possible security attacks include eavesdropping, data corruption, malware and physical theft.
 
For eavesdropping and data corruption, the effective prevention method is to use with "secure channels" applications. When a secure channel is established, the information is encrypted and only an authorised device can decode it.
 
For malware, which is one of the most common attacks in mobile security, a user should not install any malicious or unknown applications that the mobile malware would identify sensitive information stored in NFC device and send it to the attackers.
 
Finally, to avoid data loss when it is stolen, users should enable remote data erasure function in the smartphone. When the smartphone is believed to have been lost, users may start this function remotely to deactivate the sensitive information in the smartphone.
 
As NFC is a newly developed technology and becomes more and more popular, it may be a new focus in cyber crimes.