Your NFC capable Android smartphone could be the newest weapon hackers use to steal money from the credit cards in your pocket, researchers find. In a presentation at Hack In The Box Security Conference in Amsterdam, security researchers Ricardo J. Rodriguez and Jose Vila presented a demo of a real world attack, to which all NFC capable Android phones are vulnerable. This attack, delivered through poisoned apps, exploits the NFC feature allowing unethical hackers to steal money from victims’ credit cards anytime the cards are near the victims’ phone.
What is NFC?
Near Field Communication or NFC is a short-range contact less communication system that uses wireless data to allow various technologies in in close proximity to each other to communicate without the need for an Internet connection. NFC is the primary technology that allows for features like Android Beam. Android Beam allows Android users to swap pictures or contacts by holding two devices together. NFC technology has been increasingly used in cashless payment systems such as Google Wallet and now Android Pay.
NFC evolved from radio frequency identification (RFID) technology. An NFC chip, which can be found in most Android smartphones released in the last 2-3 years, acts as one one part of a wireless link. Once it’s activated by another NFC chip, small amounts of data between the two devices can be transferred when they are held a few centimeters from each other.
HOW DIGITAL PICKPOCKETS WORK
The technology in the card, known as radio frequency identification (RFID), transmits bank details via its own radio signal.
Standing just six inches (15cm) away, these criminals use RFID readers or apps to harvest bank details in a practice known as ‘skimming’.
If a readers or RFID-app enabled smartphone is within range, it can pick up the wireless signals transmitted when that card is being used to buy a product.
The information can then be input into a machine that can be purchased for $300-$400 to replicate the card.
Cards can be protected from RFID skimmers by being wrapped in tin foil or being kept in special foil-lined wallets.
Special wallets that use foil can block these radio frequency signals, but the threat remains very real.
Apple Pay is attempting to overcome the problem by not storing any numbers on an iPhone.
A Chase Bank spokesperson also told the ABC7 I-Team that they are discontinuing the use of that radio technology on their cards.
‘It’s not necessary wrong to pursue these techniques, but more needs to be done to safeguard people,’ said Mr Rotenberg.
A PURSE THAT FIGHTS CRIME: CLUTCH PROTECTS YOU FROM DIGITAL THEFT
A tech-savvy accessories label has launched a clutch purse with built-in capabilities to protect against identity theft.
Articulate‘s clutch costs $35 to pre-order and blocks RFID (Radio Frequency Identification) signals – the relatively new technology that allows us to simply wave our credit cards over a scanner to pay for goods.
According to the team behind the purse – entrepreneur Kevin and his sister Lindsay, based in San Diago, California – the clutch contains a ‘special material’ embedded into the design to help block these pesky RFID signals.
‘Criminals with very minimal technical skills have created devices similar to the scanner which vendors such as grocery stores use,’ the website description reads.
It comes in a range of colors and can also be worn over the shoulder thanks to the chain strap.
According to the United States Federal Trade Commission, identity theft had been holding steady for the last few years, having seen an increase of 21 per cent in 2008.