How secure is NFC on mobile devices?

Question

Near field communication is becoming more commonly available in modern mobile devices, such as smartphones and tablets. This functionality can be used to communicate between such devices, or with standalone NFC terminals such as payment points.

What vulnerabilities might this open us up to? What security standards are implemented to prevent eavesdropping? Are there any practical (known) attacks using NFC that are worth knowing about?

Answer 1

Like bluetooth and 802.11, I think we will see eavesdropping used in many attacks. I suspect that some variant of the classic man-in-the-middle attack will crop up too, despite being mitigated as much as possible in the design of the specifications. Although I don't have practical experience or familiarity with these attacks, I can point you to a few articles that you may want to check out:

• Slides: "Practical Experiences with NFC Security on mobile Phones"
• Security in Near Field Communication
• Security Risks of Near Field Communication
• A presentation on NFC security at BlackHat USA 2012
• Summary of blackhat presentation