Future Watch V: NFC and Shopping apps security risks

Imagine a scenario where a customer walks into a supermarket to buy groceries. She receives a greeting and a list of offers and discounts for the day on her phone. The store then prepares a customizable shopping list based on past purchases. The store then provides an in-depth mapped shopping path.

The customer then scans an item through a barcode reader and views the pertinent manufacturing details along with reviews and offers by rival stores. At the bill counter she simply scans her NFC enabled phone and walks out. The payment is made automatically.

Smartphones and portable devices are changing the face of the retail industry. NFC, barcode scanners and other such technologies are lending customers a flexibility that has never been seen before. While the above scenario sounds exciting, there are several security risks that people need to be forewarned about.

What is NFC technology
NFC stands for Near Field Communication. This is a form of wireless radio communication between two compatible devices and works only when they come into close proximity with each other. NFC is very similar to RFID signals and is most commonly used for commerce purposes, especially for making payments. All an individual needs to do is integrate their credit card details with the NFC service.

Practical implications of NFC
The scenario described above showcases the utility of NFC. It simplifies the act of making a payment and simply kills the need to carry cash or a card. The payment is made automatically and instantly thereby making it really convenient.

Shopping applications can also be used in conjunction. Such apps provide value added services when a person enters a store. These services include reviews, availability, related products and competitor offerings. All major stores will soon develop their unique apps to provide such services. Moreover, they will study consumer behavior and trends and provide more data to store owners and better services to customers.

Security risks involved

  • Device loss – If an individual loses their NFC device, anyone who gets their hands on it can misuse it. This will expose the owner’s credit card details and bank accounts to a malicious party. Security passwords only offer one layer of protection. An enhanced protection system that offers multi-layered protection is necessary.
  • Eavesdropping – If someone intercepts the signal between two NFC devices, the data can be misused or altered. In the scenario above, an attacker standing nearby can devise a method to intercept the NFC signal. He can then block the transaction, steal bank account information, steal credit card information or cause denial of service.
  • Privacy concerns – Apps that monitor people within stores can invade privacy and record data. This data could be used for generating ads and offers but it also could be shared with malicious parties. False ads and fake reviews could also be created to entice people. Buying patterns and usage patterns of users could also be recorded and studied.

Effective mobile scanning software will be the solution to these issues. Unsafe programs and unauthorized monitoring will be reported and handled by such suites. As time goes by, more malware will be developed to target this feature. The detection and handling of such malware requires a new approach from security firms. We here at Quick Heal will continuously monitor these trends and offer the necessary protection to our users.

Rahul Thadani

Rahul Thadani


4 Comments

Your email address will not be published.

CAPTCHA Image

  1. Thanks rahul for updating on NFC
    Still now was aware of RFID and all.. the NFC was new to me but really security is part and parson of each technology and device.
    If possible plz share precise the Link for information on NFC.

    Reply
    • Rahul Thadani Rahul ThadaniAugust 1, 2012 at 9:56 AM

      Hi Sameer,
      Thanks for reading. We will be updating more information about this topic, so continue visiting our blog.

      Reply
  2. Hi Rahul,
    Really nice blog,
    I just want to know about ,How Eavesdropping is possible?
    because distance between two devices is nearly 4cm.
    Thanks.

    Reply
    • Rahul Thadani Rahul ThadaniSeptember 26, 2012 at 3:16 PM

      Hi Rohit,
      Eavesdropping can be done in many clever ways. An attacker can stand really close in a crowded room and achieve this. Alternately, an attacker can develop a technology for eavesdropping that can be used over larger distances as well.

      Reply