Collaborate Disseminate
Can BLE U2F security keys used on Chrome for macOS/Windows for any site supporting U2F USB keys as a second factor?
What sites/apps can I use NFC/BLE U2F keys for on NFC-supporting Android smartphone?
Specifically interest… Continue reading Where can I use BLE/NFC U2F device?
Can BLE U2F security keys be used on Chrome for macOS/Windows for any site supporting U2F USB keys as a second factor?
What sites/apps can I use NFC/BLE U2F keys for on NFC-(and BLE-)supporting Android smartphone?
Specific… Continue reading Where can I use BLE/NFC U2F device?
So, I have this public transportation card, as well as a card that grants access to my school and lastly one that grants access to my work’s office building.
My android device doesn’t allow me to create a “Wallet” containing… Continue reading Is there a reason why Android blocks emulating a RFID tag?
Newer Android phones (since Android 5, “Lollipop”) have the Smart Lock functionality that allows one to unlock the phone, among other ways, with a trusted device (Bluetooth or NFC) instead of entering the usual PIN, pattern or password.
I’m asking about NFC in particular. How secure is Smart Lock when configured to unlock the phone when a specific NFC tag is activated?
I’m worried that someone could simply create an NFC tag with the same ID as mine (since NFC activates just by touching something, it’s very difficult to protect an NFC tag from being read at all times).
Note that I’m not asking about the case where my NFC tag is stolen – obviously, my phone would no longer be safe in that case.
What I’d like to know is how secure the technical implementation is, i. e. how can Smart Lock be sure that it’s really my NFC tag and prevent being fooled by something pretending to be my NFC tag.
In my case, the “NFC tag” is my YubiKey NEO. Their FAQ page makes some worrying statements:
Can the YubiKey NEO be used as a Smart Lock device for Android Lollipop?
Yes, the YubiKey NEO can be used as an NFC tag registered for Smart
Lock on Android Lollipop devices. For more information, see the
Android support page.Note: Android’s SmartLock features uses a static 7 byte ID, which does
not conform to Yubico’s security threshold standards. We recommend
users consider this feature a convenience and not a strong
authentication replacement.
Continue reading How secure is Google’s/Android’s Smart Lock functionality?
Can Mifare Classic 1k be used for micro payments in a secure way?
I have a system in mind for use in a arcade game saloon. You are getting a card from cashier and can top it up for example with 100 points (they are written o… Continue reading mifare classic 1k for micropayments
With the arrival of Apple Pay and Samsung Pay in Russia, many are wondering just how secure these payment systems are, and how popular they are likely to become. In our opinion, these technologies require a more detailed examination and a separate evaluation of the threats they face. Continue reading Loop of Confidence
In the UK there has been a large increase recently in the use of contactless card payments (you pay by waving your card over a reader). Prior to this the primary way to pay with a card was to use “chip and PIN” where you inse… Continue reading Contactless credit cards security
Millions of NFC Mifare Classic cards are used for public transport, access control and other purposes. These NFC tags use encryption so that the data on NFC tag cannot be read or changed by someone who scans the tag without … Continue reading Can we capture security key used in an NFC connection for Mifare Classic?
I have an NFC/RFID keychain that looks pretty much like this one:
When I read it with an Android app called “Nfc Reader”, it shows me a specific ID (always the same) and it says that these technologies are used: IsoDep, NfcA, NdefFormat… Continue reading Is it possible to clone an NFC/RFID chip that uses IsoDep, NfcA and NdefFormatable
The report comprises two papers in which we analyze all existing methods of authentication used in ATMs and those expected to be used in the near future, including: contactless authentication through NFC, one-time password authentication and biometric authentication systems, as well as potential vectors of attacks using malware, through to network attacks and attacks on hardware components. Continue reading Future attack scenarios against ATM authentication systems