NFC – Page 17 – WindowsTechs.com

How secure is Google’s/Android’s Smart Lock functionality?

Posted on January 16, 2017 by Socob

Newer Android phones (since Android 5, “Lollipop”) have the Smart Lock functionality that allows one to unlock the phone, among other ways, with a trusted device (Bluetooth or NFC) instead of entering the usual PIN, pattern or password.

I’m asking about NFC in particular. How secure is Smart Lock when configured to unlock the phone when a specific NFC tag is activated?
I’m worried that someone could simply create an NFC tag with the same ID as mine (since NFC activates just by touching something, it’s very difficult to protect an NFC tag from being read at all times).
Note that I’m not asking about the case where my NFC tag is stolen – obviously, my phone would no longer be safe in that case.
What I’d like to know is how secure the technical implementation is, i. e. how can Smart Lock be sure that it’s really my NFC tag and prevent being fooled by something pretending to be my NFC tag.

In my case, the “NFC tag” is my YubiKey NEO. Their FAQ page makes some worrying statements:

Can the YubiKey NEO be used as a Smart Lock device for Android Lollipop?

Yes, the YubiKey NEO can be used as an NFC tag registered for Smart
Lock on Android Lollipop devices. For more information, see the
Android support page.

Note: Android’s SmartLock features uses a static 7 byte ID, which does
not conform to Yubico’s security threshold standards. We recommend
users consider this feature a convenience and not a strong
authentication replacement.

Continue reading How secure is Google’s/Android’s Smart Lock functionality?→

mifare classic 1k for micropayments

Posted on November 27, 2016 by jldesings.eu

Can Mifare Classic 1k be used for micro payments in a secure way?

I have a system in mind for use in a arcade game saloon. You are getting a card from cashier and can top it up for example with 100 points (they are written o… Continue reading mifare classic 1k for micropayments→

Loop of Confidence

Posted on November 10, 2016 by Denis Gorchakov

With the arrival of Apple Pay and Samsung Pay in Russia, many are wondering just how secure these payment systems are, and how popular they are likely to become. In our opinion, these technologies require a more detailed examination and a separate evaluation of the threats they face. Continue reading Loop of Confidence→

Contactless credit cards security

Posted on November 8, 2016 by Burgi

In the UK there has been a large increase recently in the use of contactless card payments (you pay by waving your card over a reader). Prior to this the primary way to pay with a card was to use “chip and PIN” where you inse… Continue reading Contactless credit cards security→

Can we capture security key used in an NFC connection for Mifare Classic?

Posted on October 22, 2016 by PMD

Millions of NFC Mifare Classic cards are used for public transport, access control and other purposes. These NFC tags use encryption so that the data on NFC tag cannot be read or changed by someone who scans the tag without … Continue reading Can we capture security key used in an NFC connection for Mifare Classic?→

Is it possible to clone an NFC/RFID chip that uses IsoDep, NfcA and NdefFormatable

Posted on October 18, 2016 by Forivin

I have an NFC/RFID keychain that looks pretty much like this one:

When I read it with an Android app called “Nfc Reader”, it shows me a specific ID (always the same) and it says that these technologies are used: IsoDep, NfcA, NdefFormat… Continue reading Is it possible to clone an NFC/RFID chip that uses IsoDep, NfcA and NdefFormatable→

Future attack scenarios against ATM authentication systems

Posted on September 22, 2016 by Olga Kochetova

The report comprises two papers in which we analyze all existing methods of authentication used in ATMs and those expected to be used in the near future, including: contactless authentication through NFC, one-time password authentication and biometric authentication systems, as well as potential vectors of attacks using malware, through to network attacks and attacks on hardware components. Continue reading Future attack scenarios against ATM authentication systems→

Skin Bling: Wearable Electronics from Golden Temporary Tattoos

Posted on August 16, 2016 by Adam Fabio

MIT Media Lab and Microsoft have teamed up to take wearable devices one step further — they’ve glued the devices directly to the user’s skin. DuoSkin is a temporary tattoo created with gold leaf. Metallic “Flash” temporary fashion tattoos have become quite popular recently, so this builds on the trend. What the team has done is to use them to create user interfaces for wearable electronic devices.

Generally speaking, gold leaf is incredibly fragile. In this process to yield the cleanest looking leaf the gold is not actually cut. Instead, the temporary tattoo film and backer are cut on a …read more

Continue reading Skin Bling: Wearable Electronics from Golden Temporary Tattoos→

How does TLS over NFC works?

Posted on August 10, 2016 by Joly

I’m reading about NFC and how its security can be enhanced. I read somewhere that it is possible to use TLS over NFC. Unfortunately, I can’t find any more information on that topic.

How does TLS over NFC works ? Is it someth… Continue reading How does TLS over NFC works?→

How can RFID/NFC tags not be cloned when they are passive technology?

Posted on August 1, 2016 by stenlan

Everywhere a question like this is asked, I see people responding that (in a scenario where a card is used) the card does some processing with the data it receives/generates some data when it receives a signal. How is this po… Continue reading How can RFID/NFC tags not be cloned when they are passive technology?→