<h1>Misconceptions about NFC</h1><div id=post-info><div id=date><span id=publish>2024-01-19</span></div><div id=tags><a href=https://devraza.giize.com/tags/nfc><span>#</span>nfc</a><a href=https://devraza.giize.com/tags/social-engineering><span>#</span>social engineering</a><a href=https://devraza.giize.com/tags/hacking><span>#</span>hacking</a></div></div><blockquote class="callout alert"><div class=icon><svg viewbox="0 0 24 24" height=20 width=20 xmlns=http://www.w3.org/2000/svg><path d="M4.00098 20V14C4.00098 9.58172 7.5827 6 12.001 6C16.4193 6 20.001 9.58172 20.001 14V20H21.001V22H3.00098V22H4.00098ZM6.00098 20H18.001V14C18.001 10.6863 15.3147 8 12.001 8C8.68727 8 6.00098 10.6863 6.00098 14V20ZM11.001 2H13.001V5H11.001V2ZM19.7792 4.80761L21.1934 6.22183L19.0721 8.34315L17.6578 6.92893L19.7792 4.80761ZM2.80859 6.22183L4.22281 4.80761L6.34413 6.92893L4.92991 8.34315L2.80859 6.22183ZM7.00098 14C7.00098 11.2386 9.23956 9 12.001 9V11C10.3441 11 9.00098 12.3431 9.00098 14H7.00098Z" fill=currentColor></path></svg></div><div class=content><p><strong>Alert</strong><p>I made a mistake while writing this blog post - somehow forgetting that security isn't unambiguous. You can actually skim NFC chips from a certain distance (having a limited distance is still an important factor though!), and though I think some of what I said below still applies you're better off ignoring it all.<p>There are, of course, a whole range of problems with skimming NFC chips from a distance so my point - don't be so worried - would still stand.<p>Either way, I recommend you take this with a grain of salt.</div></blockquote><h1 id=introduction>Introduction<a aria-label="Anchor link for: introduction" class=zola-anchor href=#introduction>#</a></h1><p>NFC (short for Near-Field Communication) is the set of communication protocols which allow for <em>near-field communication</em> between two electronic devices. One of the most prominent uses of this technology are contactless transactions - this includes services like Google and Apple Pay as well as all of your contactless-enabled cards.<p>It's been a while since my last blog past, but this one will be brief too - I'm writing here for the sake of clearing up some misconceptions people have about NFC.<h1 id=the-misconceptions>The Misconceptions<a aria-label="Anchor link for: the-misconceptions" class=zola-anchor href=#the-misconceptions>#</a></h1><h2 id=inspiration>Inspiration<a aria-label="Anchor link for: inspiration" class=zola-anchor href=#inspiration>#</a></h2><p>While talking with a friend on a WhatsApp group chat a few days ago about a program I found on my jailbroken iOS device - <a rel="nofollow noreferrer" href=https://github.com/Aemulo>Aemulo</a> - I was informed of 'subway skimmers'; devices that could <em>supposedly</em> read data from contactless-enabled devices (via NFC) and would be able to emulate them.<p>The idea behind the above example was that someone with malicious intent could place such a device in a public location and take their contactless devices for their malicious purposes. When I heard of this, my first thought was: <a rel="nofollow noreferrer" href=https://devraza.duckdns.org/blog/hoaxes-overview/>hoax</a>, and I think that it was rightfully so.<h2 id=what-exactly-is-wrong-with-this>What exactly is wrong with this?<a aria-label="Anchor link for: what-exactly-is-wrong-with-this" class=zola-anchor href=#what-exactly-is-wrong-with-this>#</a></h2><p>Several things. I'm no expert in cybersecurity - everyone's a student in some way, but I was sure that NFC was, as it's name implies, for <strong>near-field communication</strong>. I'm repeating myself here, but that's kind of the point. Various reliable resources, including Wikipedia, show that NFC has a maximum range of only a few centimetres - which makes sense, no?<p>And yet, whatever source my friend had for 'subway skimmers' gave the impression, or otherwise stated, that it would work within a radius of a few feet, which is just impossible. Upon voicing my doubts, I was then told that 'with a powerful enough antenna, it's possible'. Hoaxes sure are convincing, aren't they? Unfortunately, I am not able to find the source of my friend's misinformation.<p>See, NFC only works within a few centimetres anyways. Even if it could <em>magically</em> work within a radius of a few feet, you've got to take in the electromagnetic interference that the clothes and wallets people have would bring to any malicious device. The point of electromagnetic interference is especially true over a <em>huge</em> area of a few feet (relatively), where you've got several NFC-enabled devices.<h2 id=where-it-s-actually-an-issue>Where it's actually an issue<a aria-label="Anchor link for: where-it-s-actually-an-issue" class=zola-anchor href=#where-it-s-actually-an-issue>#</a></h2><p>Of course, that isn't to say there aren't any issues with NFC and malicious readers - I'm just saying that the word getting around is horribly unrealistic. For example, a <em>realistic</em> example of a malicious NFC reader would be one placed on the card slots in cash machines - you get:<ul><li><input checked disabled type=checkbox> The short range (< ~20 cm)<li><input checked disabled type=checkbox> Only one device<li><input checked disabled type=checkbox> Lots of devices to read!</ul><p>And so, you've got someone so much more realistic that poses an actual threat!<h1 id=conclusion>Conclusion<a aria-label="Anchor link for: conclusion" class=zola-anchor href=#conclusion>#</a></h1><p>The information above, which I deem accurate, is there. 