Near Field Communications (NFC)–A New Attack Vector?

Many devices including smartphones and tablets are shipping now or will be available soon with a feature called NFC or Near Field Communications.  We have seen this already in contactless credit card products such as PayPass and PayWave.  Soon you will be able to use your smartphone to make purchases as well.

Charlie Miller, a researcher at this years Black Hat convention in Las Vegas took a look at exploiting the NFC feature, and although NFC in and of itself is pretty secure, there are opportunities to attack the applications that are written to take advantage of NFC.  For example, the Android Beam applications lets an Android phone user transfer files to another Android phone just by touching them together.  Theoretically, a malicious programmer could create an infected document or web page, transfer it to your phone and have you inadvertently execute the malicious payload.

As these devices come online, we will need to be careful about giving permission to applications to use the NFC feature.  Here again is a new vector for a stranger to gain access to your phone and it’s contents, such as pictures and personal documents and account information.

To read the full article, go to Sophos.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.