NFC – Page 15 – WindowsTechs.com

“Borrow” Payment Cards with NFC Proxy Hardware

Posted on July 31, 2017 by Mike Szczys

Contactless payments are growing in popularity. Often the term will bring to mind the ability to pay by holding your phone over a reader, but the system can also use NFC tags embedded in credit cards, ID card, passports, and the like. NFC is a reasonably secure method of validating payments as it employs encryption and the functional distance between client and reader is in the tens of centimeters, and often much less. [Haoqi Shan] and the Unicorn team have reduced the security of the distance component by using a hardware proxy to relay NFC interactions over longer distances.

Chips with everything – are you ready to be bio-hacked?

Posted on July 26, 2017 by John E Dunn

News that a US company is ‘bio-hacking’ its employees with RFID chips is a publicity stunt – but it does raise issues of security and ethics Continue reading Chips with everything – are you ready to be bio-hacked?→

What should I know to prevent relay attack on NFC?

Posted on July 21, 2017 by Asif Sanjary

I am doing thesis on “NFC relay attack” in my BSc last year. I have studied 10-15 papers and learned the basics of NFC and relay attack. Still I am no where near to understand how relay attack is performed on NFC and how the … Continue reading What should I know to prevent relay attack on NFC?→

How secure is a mobile e-banking authentication app that requires an NFC card plus a pin to authenticate the user?

Posted on July 19, 2017 by Mark Anderson

Many banks these days offer online banking (in a web browser). To increase security, most banks require a standard login with a username (account number) and password, plus a code that is sent to your mobile phone to two-fact… Continue reading How secure is a mobile e-banking authentication app that requires an NFC card plus a pin to authenticate the user?→

Security implications of owning a German electronic ID card

Posted on July 9, 2017 by Byte Commander

I am German and about to renew my ID card.

Since around 2010, the new ID cards contain an electronic chip that can be used for e.g. online authentication. If I understood the documentation correctly, it is some kind of NFC … Continue reading Security implications of owning a German electronic ID card→

How do you disable the antenna on the chip on the contactless card [duplicate]

Posted on July 2, 2017 by Peter Olson

This question already has an answer here:

How to manually disable the no contact card?

2 answers

How can I physically dis… Continue reading How do you disable the antenna on the chip on the contactless card [duplicate]→

Making a Wearable NFC Bus Pass

Posted on June 20, 2017 by John Baichtal

[Stephen Cognetta] is trying to get the total number of things he owns down below 115, and he’s always looking for ways to streamline his life.

Toward this goal he dissolved his SF Transit Clipper Card in acetone to get at the NFC tag embedded inside. The tag consists of a tiny chip attached to an antenna the size of the card itself. It took about three days (video below the break) for the layers to separate and [Stephen] was able to extricate the tag.

He ended up trying a few different ways of storing the delicate chip and antenna, …read more

Continue reading Making a Wearable NFC Bus Pass→

How is a NFC session key created?

Posted on June 19, 2017 by Peer Gynt

I was reading MIFARE DESFire EV1 document and noticed this:

MIFARE DESFire EV1 and the reader device show in an encrypted way
that they possess the same secret which especially means the same key;
this not only confirms that both entities are permitted to perform
operations on each other but also creates a session key which can be
used to keep the further communication path secure; as the name
“session key” implicitly indicates, each time a new authentication
procedure is successfully completed a new key for further cryptographic
operations is generated

The not only part is easy to achieve. In the simplest form, ‘server’ can throw a random number at the card, and the card can reply with the hash of the secret + the random number.

The but also part, which is the establishment of a session key, is a bit hand-wavy. Since both side already have a common secret, why do you need a session key, and not just use the common secret as a session key?

Note that this question has nothing to do with public key systems or asymmetric encryption or digital signature. In this case, both sides know the same secret.

Continue reading How is a NFC session key created?→

Is it possible to disable NFC on credit card?

Posted on June 18, 2017 by changer

I have credit card with wireless payment.

For low prices it does not require to enter pin code.

An attacker with 100$ device can take these money whithout my knowledge.

Of course, I can configure day limits but as I know w… Continue reading Is it possible to disable NFC on credit card?→