Exploring the Safety of NFC Tags: A Complete Guide
Almost every country in the world has already transitioned to contactless transactions. One simply takes out their phone to process payment when paying for something. Compared to the traditional way, this modern method is more efficient.
NFC allows wireless communication between two devices. It is usually ingrained into small tags to allow data transfer. Data is often passed between nearby gadgets such as laptops, phones, and tablets.
Over the years, this holy grail became a popular choice for different fields. With its fast-rising popularity, we pose the question, “Are NFC tags safe”? Read on to understand NFC and its safety features.
Understanding NFC Technology
NFC tags and RFID tags are often compared to one another. While these two are quite similar, they are different in many aspects. RFID tags rely on one-way communication. Meanwhile, NFC tags can have both one- and two-way communication methods.
How does NFC technology work?
Simple NFC tags and readers exchange information through radio waves. The tags emit waves that would activate the receiver’s antenna. It is then up to the recipient to validate the necessary information. By doing so, it ensures safe and secure information exchange.
NFC tags can work without a power source, such as a battery. They retrieve power from other devices, such as laptops and smartphones. The only disadvantage of this technology is its short-distance scanning. Its range is only around 4 inches.
A general safety feature of NFC is that the reader can only connect to one tag. This process minimizes accidents and mishandling during transactions. NFC chips are the only ones to exchange confidential details when you pay using NFC.
Since this technology follows such an operation, smartphones can act as traditional cards. Good news: you don’t need to worry about keeping many cards in your wallet. They can now be placed on your smartphone.
Tag Type Descriptions of NFC in the Market
Before we talk about the safety features, let us first discuss a few defined NFC tag types. It will provide you with more details about their format and capacity.
Each tag type is designated a number from 1-4 based. The tag types are mainly rooted in Sony FeliCa (ISO 18092) and the international standard (ISO 14443 Types A and B).
Tag 1 Type
This tag type conforms to the ISO14443A standard. It means that NFC tags can read and rewrite. They can also be set to read-only versions. It can store small data as well as a website URL. This tag type can do so since it has 96 bytes to 2 kbytes.
Since it has 106 kbit/s, it is mostly suitable for simple NFC applications. In addition to this, it has become more cost-efficient.
Tag 2 Type
Like tag 1, it also conforms to ISO14443A. Tag 1 and Tag 2 have the same function communication speed. Their only difference is their memory since tag two only starts at 48 bytes but is expandable to 2 kbyte.
Tag 3 Type
Unlike the first two, this type is based on Sony FeliCa. It is perfect for more complex applications since it has a communication speed of 212 kbit/s. In addition to this, it boasts a memory capacity of 2 kbyte. However, because of its promising features, it is not cost-friendly.
Tag 4 Type
The great thing about this type is its compatibility with ISO14443A and B. The NFC can perform read/ rewrite or read-only operations. Among the four of them, it has the biggest memory capacity ranging up to 32 kbytes. It also has a communication speed that runs between 106 to 424 kbit/s.
Security Features of NFC Tags
Encryption in NFC Technology and Data Protection Mechanisms
- AES (Advanced Encryption Standard)
The AES, or Advanced Encryption Standard, secures classified details. It follows a symmetric block cipher that was handpicked by the United States government. It primarily protects government computers from cyberattacks and keeps information safe.
As time passed by, this encryption improved. It can now be implemented into both hardware and software. By doing so, it also functions in limited surroundings, such as smart cards and NFC tags.
- Password Protection for NFC tags
Every card or social media account we make requires us to add a password. It acts as a verification to ensure you are the account’s rightful owner. The same thing goes for NFC tags.
They use this most basic authentication in NFC technology as a PIN. After entering the correct one will allow you to access your data. With the wrong password, unauthorized users cannot modify any info present on the tag.
- Session Key Establishment
The establishment of session keys is usually done whenever there are events. Since they are not permanent, they can last for a certain duration.
For example, organizers set this NFC tag encryption in a concert for 5 hours. The devices will generate the session key and exclusively work for this time. The purpose of this feature is to enhance the security of data exchange.
Authentication processes in NFC technology
- Basic Authentication
The simplest form of Near Field Communication security is using a secret key or password. NFC devices can safely exchange authenticated data if they process the same credentials.
- Challenge-Response Authentication
As its name suggests, it requires a challenge to verify you. The process starts with the NFC reader assigning a challenge for the tag to respond to. Once the answer is correct, the tag is authenticated.
Compared to the basic type of authentication, this one adds a layer of security. It is because it requires one party to prove their identity first.
- Public Key Infrastructure (PKI) Authentication
The public key infrastructure (PKI) authentication incorporates public and private key pairs. These keys will facilitate the verification process of communicating devices.
It works with the reader having a private key to respond to the tag’s public key. The private one decrypts the data encrypted by the public one. This process ensures that only the verified reader can access the tag’s data.
Common security standards for NFC tags
The ISO/IEC 14443 standard sets the parameters for contactless smart cards, tags, and proximity cards. It is used not only in a single country but also internationally. It is very important for NFC and RFID technology since it sets the protocols. The ISO/IEC 14443 is divided into two main parts: the A and the B.
Frequency: 13.56 MHz
Coding: Data modulation utilizes Manchester coding.
Anti-Collision: It uses the “cascade” anti-collision feature that lets multiple cards communicate without interference.
Frequency: 13.56 MHz
Coding: Data modulation utilizes BPSK (Binary Phase Shift Keying)
Anti-Collision: It has an anti-collision mechanism different from ISO/IEC14443A.
Potential Risks Associated with NFC Tags
It is better that we now know the safety features of NFC tags. However, why do we need to have such features? It is because you can never be too safe, especially when dealing with confidential data.
Below are a few potential risks of NFC tags if standard safety features are not implemented.
1. Data interception and unauthorized access
NFC tags communicate only within a few centimeters. Despite its short range, attackers can still steal your data if they are close enough to your NFC-enabled device.
It could happen when the attacker possesses a specialized tool. The tool is used to eavesdrop on the communication process of the reader and the tag. They may get your confidential data, financial details, and personal information during interception.
Aside from NFC tag data interception, unauthorized access may occur. The short-range feature of NFC may allow an unauthorized person to gain physical access to the tag. It may happen when they bring an NFC device close to the tag.
The dangerous thing about this is that the attacker may modify, override, or rewrite the data on your tag. It could lead to data manipulation and security breaches.
2. Malicious Content and Malware Risks in NFC
Once attackers get hold of your NFC tag, they may attempt to modify it. They can interject harmful data into the tag. When the legit owner uses its NFC tag, the malicious content may be downloaded onto their device.
It could then lead to the installation of malware. Once it penetrates your device, they can access sensitive information. In other cases, they can control the activity of the device remotely.
We cannot deny the fact that NFC technology offers convenience. The NFC tags promote efficiency in our day-to-day activities. It makes things easier for different fields by facilitating access control, payments, and healthcare processes.
When using technology, there could be security breaches and malfunctions. That is why it is important to know more about what you are using. Always ask yourself, “Am I secure?”
With the help of this guide, we will enlighten you with the safety measures of NFC tags. As technology progresses, vigilance and proactive security measures are what we need. Not only do they mitigate potential risks, but they also let us sleep soundly at night.