11

I'm starting my independent studies in RFID and NFC and am trying to understand how they relate to each other, and what security issues are common/unique to each.

  • Is RFID a superset of NFC? (or vice versa?)

  • Is all RFID / NFC hardware the same? (my Galaxy II has NFC, but Google payments isn't available)

  • Can a mobile phone with NFC / RFID "read" an ID badge, Easy Pass (for highway/bridge tolls), US Passport, credit card, or other object?

  • Does the ability to "read" an NFC object imply the ability to "copy" and emulate it? (Can I clone a credit card?)

makerofthings7
  • 1
    Some thoughts on NFC security: Security Now ep. 372 http://www.grc.com/securitynow.htm, but IIRC it does not address your specific questions –  Feb 13 '13 at 10:06

3 Answers

13

Is RFID a superset of NFC? (or vice versa?)

To quote from the Wikipedia article: "NFC standards cover communications protocols and data exchange formats, and are based on existing radio-frequency identification (RFID) standards..." So RFID is just a name for devices that use radio frequencies to communicate, and NFC is one of these.

Is all RFID / NFC hardware the same? (my Galaxy II has NFC, but Google payments isn't available)

All NFC hardware is the same: it works at 13.56 MHz and has a data transfer rate of 106 kbit/s to 424 kbit/s. As described above, NFC is a subset of RFID, so whilst all NFC hardware belongs to the RFID category, the reverse isn't necessarily true. The reason that Google Wallet doesn't work is that it requires, in addition to NFC hardware, that a secure element (SE) is in the device. A secure element is needed in order to store the card details etc. According to this and this the Galaxy S2 has no SE so can't use Google Wallet.

Edit: With the addition of Host Card Emulation in Android KitKat 4.4 it looks like Google is moving away from needing a Secure Element, so there's a possibility of Google Wallet working on all NFC-enabled phones at some point in the future.

Can a mobile phone with NFC / RFID "read" an ID badge, Easy Pass (for highway/bridge tolls), US Passport, credit card, or other object?

I'm from the UK so I'm not aware about the Easy Pass reading but if you own one you could try reading it using an app such as NFC TagInfo. However in general your NFC enabled phone should be able to read these cards, for example I can read my student card, passport, train pass and credit card all via the NFC in my phone. The credit card requires a more specialised application than other cards to be read but it can be done easily.

Does the ability to "read" an NFC object imply the ability to "copy" and emulate it? (Can I clone a credit card?)

NFC is just the standard for communication; it doesn't necessarily imply anything about the object. For example, a very popular form of access card for buildings is the MiFare Classic (my student card uses this). The chip in most (Android) phones allows emulation of this card, although the actual Android APIs don't currently allow for this easily. So you could emulate the data on the card; however, door access systems generally work with something called the Unique ID (UID) of each card to identify it, and your phone doesn't allow for the setting of the UID, so you can't use it for door access.

Modern credit cards generally can't be copied; however, this can depend on the country. In the USA I believe it's easier to clone cards as the banks there haven't all implemented what the UK calls Chip & PIN but is more generally known as EMV. EMV helps protect against cloning as each card has a cryptographic key that it uses to sign and then return some data that the ATM sends it. This key can't be (easily) extracted from the card, meaning that you can't set up a fake card with the key. However, it is possible to skim some data from a credit card using NFC and I've written my own app to do this. I was just looking for similar ones on the PlayStore to link to; however, it looks like Google is removing them and there used to be a lot more. It's possible to get information like card holder name, date of expiry and the card number.

N.B. I'm not sure why the site I linked to suggests skimming details from an NFC credit card in 2012 is new as it has been a known weakness for years. Part of my recent dissertation was on attacks on credit cards and I'll post a Q/A on here and link to that for more details as to why (modern) credit cards generally can't be skimmed and copied.

Peanut
4

To answer the question of copying/emulation: yes, it is possible, but there are multiple standards for NFC transactions. There was research presented at Black Hat that demonstrated credit card emulation, but it required two devices, and one device had to be running a specific version of CyanogenMod that introduced the changes which allowed for skimming and replaying credit card data to allow emulating a credit card. Hope this helps some.

dudebrobro
2

I believe NFC is a subset of RFID. NFC is itself a standard with multiple possible protocols. It only inter-operates with other devices that support NFC. EZ-Pass and many ID badges are not based in the NFC frequency bands and do not support any of the protocols, so they are therefore unusable. There are some ID badges that are NFC based though.

NFC can operate in an active or passive capacity. When passive, a tag simply provides the information that it stores or receives the information being written to it. However, in active, two-way communications, it is possible for a cryptographic chip on the tag (or other device) to participate in a challenge/response, thus making cloning more difficult.

If a credit card is using PayPass, then yes, it can be read. Cloning would likely depend on the implementation. (If the card is active challenge/response, then the key would be harder (requires physical tampering unless there is a problem in the protocol or algorithm used) to obtain.)

US Passports are also NFC compatible, though reading them requires support for the particular protocol, which requires knowledge of certain key information from within the passport.

A passive card can easily be cloned; active cards (quite rare) using a challenge/response are far more resistant to tampering. Most, if not all, current attacks focus on the passive systems that can easily be cloned because even with most wireless payment cards, they didn't bother to use the challenge/response based systems.

AJ Henderson
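The answers above contrast tags that return stored data with cards that answer a reader's challenge using a key that stays on the chip (the EMV signing described in the first answer, the challenge/response described in the last). The following simulation is an added example, not code from any of the posters: it shows a reader accepting a replay of a static tag's data and rejecting a replay of a challenge/response transcript. HMAC-SHA256 with a shared key stands in for the card's cryptography, and all class names, UIDs and data values are constructed.

```python
import hashlib
import hmac
import secrets

class StaticTag:
    """Passive tag: returns the same stored bytes to every reader."""
    def __init__(self, uid: bytes, data: bytes):
        self.uid, self.data = uid, data
    def respond(self, challenge: bytes) -> bytes:
        return self.data  # the challenge plays no part in the answer

class ChallengeResponseTag:
    """Tag holding a secret key that is never sent over the air."""
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self._key = uid, key
    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, self.uid + challenge, hashlib.sha256).digest()

class ReplayedTag:
    """Device that only knows one previously observed response."""
    def __init__(self, uid: bytes, recorded: bytes):
        self.uid, self.recorded = uid, recorded
    def respond(self, challenge: bytes) -> bytes:
        return self.recorded

class Reader:
    def __init__(self, static_db: dict, key_db: dict):
        self.static_db, self.key_db = static_db, key_db
    def verify(self, tag) -> bool:
        challenge = secrets.token_bytes(16)  # fresh nonce per transaction
        answer = tag.respond(challenge)
        if tag.uid in self.key_db:
            mac = hmac.new(self.key_db[tag.uid], tag.uid + challenge, hashlib.sha256)
            return hmac.compare_digest(answer, mac.digest())
        if tag.uid in self.static_db:
            return hmac.compare_digest(answer, self.static_db[tag.uid])
        return False  # unknown UID

def demo() -> dict:
    key = secrets.token_bytes(32)
    static_tag = StaticTag(b"\x01\x02\x03\x04", b"BADGE-0001")  # constructed values
    cr_tag = ChallengeResponseTag(b"\x0a\x0b\x0c\x0d", key)
    reader = Reader({static_tag.uid: static_tag.data}, {cr_tag.uid: key})
    # One observed exchange with each tag is all the replaying device has.
    static_replay = ReplayedTag(static_tag.uid, static_tag.respond(b"\x00" * 16))
    cr_replay = ReplayedTag(cr_tag.uid, cr_tag.respond(secrets.token_bytes(16)))
    return {"static_genuine": reader.verify(static_tag),
            "static_replay": reader.verify(static_replay),
            "cr_genuine": reader.verify(cr_tag),
            "cr_replay": reader.verify(cr_replay)}
```

The replayed challenge/response answer fails because the reader's nonce changes every transaction, so a recorded response is only valid for the challenge it was computed over.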