01-27-12 07:13 AM
  1. Vijik's Avatar
    So if I understand how NFC works... You store personal info or security access on your phone or PB, and if someone else has an NFC device they can tap your device and gain access to that info or steal the security settings. I see more downside than up when it comes to security risk. Talk about identity theft.
    That is not how NFC works.

    What you get in your secure chip (new SIMs or secure/embedded chips) is an applet that runs in its secure environment behind tons of hardware/software security walls designed to prevent intruders from accessing that applet or its data.
    The applet is able to talk to an NFC reader based on a challenge-response mechanism. A mechanism that (if designed properly by vendors like credit card companies) prevents anyone from accessing either your applet or secrets about it. A mechanism that doesn't allow anyone to even sniff and replay your NFC transaction (the communication between reader and secure chip is a function of a long random number, a number that is changed for each transaction).

    Now, what information is sent by that secure applet (running in a secure environment) to the NFC reader is based on how vendors implement it. Sometimes, credit card companies just create a simple system (low security) to avoid changing all the readers and they are prepared to pay the fraud cost (less than max $25 for each transaction?).

    For the access control use case, it is a different story. I don't think that access control companies want to or can be liable for access control fraud.
    So they will make sure that their applet doesn't send anything that can be abused.
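The challenge-response exchange described in the post above, as an added example that is not part of the original post: the reader sends a fresh random number, the applet answers with a keyed function of it, and a recorded answer fails on the next transaction. HMAC-SHA256 with a key shared between reader and applet is an assumption chosen for illustration, not the scheme any card or access-control vendor uses; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

class Applet:
    """Stand-in for the applet in the secure chip; the key never leaves it."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # The response is a function of the reader's random number.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Reader:
    """Stand-in for the NFC reader (assumed here to share the key)."""
    def __init__(self, key: bytes):
        self._key = key
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # fresh per transaction
        return self._pending

    def verify(self, response: bytes) -> bool:
        challenge, self._pending = self._pending, None  # single use
        if challenge is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    applet, reader = Applet(key), Reader(key)
    c1 = reader.new_challenge()
    r1 = applet.respond(c1)          # (c1, r1) is what a sniffer could record
    genuine = reader.verify(r1)
    reader.new_challenge()           # next transaction, new random number
    replayed = reader.verify(r1)     # recorded response sent again
    r3 = applet.respond(reader.new_challenge())
    first, second = reader.verify(r3), reader.verify(r3)
    return {"genuine": genuine, "replayed": replayed,
            "same_response_twice": (first, second)}

if __name__ == "__main__":
    print(demo())
```

The sniffed pair is useless because the reader discards each challenge after one verification, so the recorded response is always checked against a different random number.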