What is NFC and what are the risks?
One of the main reasons the issue of security surrounding mobiles is on the rise is because portables are being used ever more frequently to access the internet, make payments and carry out transactions with banks and merchants. But another financial benefit could soon become commonplace that could increase the risk of attack.
The ability to pay for products by simply waving a phone in the direction of a specialised scanner is on the way to our increasingly versatile pocket-sized devices, if recent reports are to be believed, making finance management a key part of a mobile’s arsenal. The technology, called NFC, is already at the trial stage and seeks to ultimately remove the need to carry cash and even credit cards around on the move.
What is NFC?
NFC stands for Near Field Communication, and is a short-range (approximately 10cm) wireless technology that uses electromagnetic radio fields to transmit data a short distance from a transmitter to a receiver. The transmitter would be a mobile phone that could be activated and simply waved in the vicinity of a receiver; a device that effectively acts as an electronic checkout to offer swift payment for goods and services. Those that live in London may already be familiar with the NFC system integrated into the Oyster card – offering storage of travel permits for easy payment, but with the technology seemingly making its way to mobile phones and expanding the range of goods and services it can facilitate, it could eventually become commonplace around the world.
How close are we to NFC in phones?
A number of large companies have thrown their weight behind mobile-based NFC, and VISA is currently trialling the technology with 4,200 people across four different nations in Europe. Rumour has it that the iPhone 5 will include the wireless technology, Google has already built it into the Nexus S smartphone, Nokia has confirmed its interest and other major players seem sure to follow. This is in addition to wireless carriers such as the US-based Verizon and AT&T networks, along with T-Mobile, which would suggest that it’s just a matter of time before this facility becomes available to the masses.
What are the security concerns?
Since NFC has the potential to replace physical money or credit cards, it stands to reason that similar concerns around security would exist, along with the fact that, of course, your funds are effectively being sent across the airways and could therefore be intercepted by hackers. While threats to mobile phones are on the rise, generally hackers are motivated by financial gain and since it’s far more common to use a desktop or notebook to perform financial transactions, this is one of the reasons why handhelds have only been targeted in increasing numbers in recent times.
IBM has been vocal on the subject of security in regards to this technology and suggests that it could lead to increasing interest from malicious parties. Threat intelligence manager for IBM’s internal security taskforce Tom Cross spoke at the IBM Pulse conference in Las Vegas this year to outline the concerns.
"If we see people doing more e-commerce on the phone and we see the phone being used as a payment device in the physical world that people are working in, that may be creating a financial incentive to exploit the device," said Cross. "A lot of users are hacking or jail-breaking their devices so that they can do things the manufacturer had never intended. In order to do that they need the same sort of exploit code a malicious person would need to remotely control the device, and this desire to jailbreak is driving [harmful] exploits."
How can you stay safe?
Traditional measures such as installing security software on a phone can help prevent third parties from accessing funds you may have stored on the device for future payments remotely, but the nature of NFC is such that a more personal touch is required. Setting up a PIN unlock code may soon become essential, for example, as would avoiding the installation of unknown third-party applications. However the responsibility won’t just lie with the end-user, and if this technology were to ever become successful, a significant number of safeguards would need to be put in place by device manufacturers and educating the public on potential threats would be essential.
NFC could certainly add a significant convenience to the increasingly versatile handheld, and with so many major players throwing their weight behind it the technology seems more of an inevitability than a possibility. Its potential acts as yet another reason why mobile phone users should start considering their devices as potential security risks if not properly protected however, and with recent reports outlining more “traditional” threats to handhelds, there’s never been a better time to increase awareness of how users can keep their sensitive data safe.