Today’s smartphones use near field communication technology for a wide variety of purposes. This short range radio communications method allows the use of headsets, mobile payments, external speakers, keyboards and all sorts of other uses. As with any technology, however, the use of NFC communications provides attackers with another pathway to exploit security vulnerabilities. Learn about common proximity attacks including NFC attacks, Bluejacking and Bluesnarfing.
- [Instructor] Today's smart phones and other mobile devices use Near Field Communication or NFC technology for a wide variety of purposes. This short range radio communications technique allows the use of headsets, mobile payments, external speakers, keyboards and all sorts of other technologies. As with any technology however, the use of NFC communications provides attackers with another pathway to exploit security vulnerabilities. NFC communications cover very short distances.
They're designed to handle situations where devices are around 30 to 50 feet apart. Bluetooth is the most common NFC technology and most people are familiar with the use of Bluetooth to connect smart phones to car audio systems, external speakers and headsets. NFC Communications are very useful but can also be a source of security vulnerabilities. Bluejacking attacks occur when attackers use Bluetooth technology to send spam messages directly to a device. Typically, they try to convince the user to visit a website, or take some other action that will lead to a more advanced attack.
The reality is that bluejacking attacks are mostly a dated concept and they're rarely seen today. That said, they're covered on the exam, so you need to know about them. Bluesnarfing attacks were possible in older implementations of Bluetooth. Attackers were able to force pairing between a victim device and their own and then use that pairing to pull down or snarf contacts and other information from the device. The attacker could also monitor communications taking place using the device. You see the forced pairing attacks of bluesnarfing a lot on television, but it doesn't really happen anymore in practice.
There are a few simple things that you can do to improve NFC security. First, if you're not using NFC capabilities on a device, disable them. It's hard for someone to attack a technology if it's turn off. Second, apply firmware and operating system updates to devices regularly. If new NFC vulnerabilities occur, applying patches is the quickest way to correct them. Finally, just be aware. Know how you're using NFC technology and watch for unusual activity.
Fortunately, Near Field Communication technologies such as Bluetooth are well designed and allow for secure use. Organizations should ensure that they follow basic security principles to provide a secure NFC experience for users.
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attaches
- Transport encryption
- Wireless networking
- Host security