Risks of NFC technology rise as contactless payments gain popularity

The festive shopping season has witnessed a notable increase in the use of Near Field Communication (NFC) technology among smartphone users, who are increasingly opting for contactless payments and services instead of traditional credit cards and smart ticketing systems. However, as adoption grows, cybersecurity experts are raising concerns regarding the elevated risks associated with NFC tag tampering, which may expose users to a range of cyber threats, including phishing attacks, malware, and data theft.

Marc Rivero, the Lead Security Researcher at Kaspersky, outlined the inherent dangers of this technology in an interview with BusinessToday, stating that while NFC offers substantial convenience, it simultaneously creates opportunities for malicious activities. “Innocent-looking tags in public spaces can be reprogrammed or replaced to carry out harmful actions,” Rivero warned. As NFC usage expands across various sectors, encompassing payments, public transport, and marketing, the sophistication of malicious actors appears to be increasing, potentially affecting thousands of users, particularly in urban settings.

NFC tag tampering involves the manipulation of legitimate NFC tags utilised in marketing campaigns, public transport systems, and smart homes. These legitimate tags can be either reprogrammed or substituted with malicious ones, setting the stage for various cyber threats. For instance, compromised tags can redirect unsuspecting users to phishing websites which aim to harvest personal data or initiate harmful actions on their devices. Retail locations, transportation hubs, and cafes are highlighted as frequent venues for these kinds of attacks.

The potential consequences for users who inadvertently engage with a compromised NFC tag are serious. In addition to the risks of phishing that compromise personal information and login credentials, malicious tags can exploit vulnerabilities within a smartphone's NFC reader. This interaction could compel users into downloading harmful applications or files, potentially harming their devices and leading to significant concerns regarding privacy and financial loss.

To mitigate these risks, security experts recommend that users exercise caution by carefully inspecting NFC tags before interacting with them. Users should avoid scanning tags in dubious locations and should verify the actions prompted by a tag before proceeding. Additionally, enabling security features, such as requiring confirmation prior to executing NFC-related operations, along with keeping smartphones up to date and installing reliable security software, are deemed essential practices for users.

From a business standpoint, to combat the risks associated with NFC technology, experts suggest employing locked or “read-only” NFC tags that are resistant to tampering. Regular inspection of tags in public areas and educating both customers and employees on safe NFC practices are essential preventative measures.

As NFC technology continues to advance, experts advise users and organisations alike to maintain vigilance and take proactive steps towards safeguarding against the increasing threats posed by NFC tag tampering.

Source: Noah Wire Services