Today’s smartphones use near field communication technology for a wide variety of purposes. This short range radio communications method allows the use of headsets, mobile payments, external speakers, keyboards, and all sorts of other uses. As with any technology, however, the use of NFC communications provides attackers with another pathway to exploit security vulnerabilities. In this video, learn about common proximity attacks including NFC attacks, Bluejacking, and Bluesnarfing.
- [Narrator] Today's Smartphones and other devices use Near Field Communication or NFC technology for a wide variety of purposes. This short range radio communications technique allows the use of headsets, mobile payments, external speakers, keyboards, and all sorts of other technologies. As with any technology however, the use of NFC communications provides attackers with another pathway to exploit security vulnerabilities. NFC covers very short distances. They're designed to handle situations where devices are around 30 to 50 feet apart.
Bluetooth is the most common NFC technology and most people are familiar with the use of Bluetooth to connect Smartphones to car audio systems, external speakers and headsets. NFC communications are very useful but can also be a source of security vulnerabilities. Bluejacking attacks occur when attackers use Bluetooth technology to send spam messages directly to a device. Typically they try to convince the user to visit a website or take some other action that will lead to a more advanced attack. The reality is that Bluejacking attacks are mostly a dated concept and they're rarely seen today.
That said, they're covered on the security plus exam so you need to know about them. Bluesnarfing attacks were possible in older implementations of Bluetooth. Attackers were able to force paring between a victim device and their own and then use that paring to pull down or snarf contacts and other information from the device. The attacker could also monitor communications taking place using the device. You see the forced pairing attacks of Bluesnarfing a lot on television but it doesn't really happen anymore in practice.
There are a few simple things that you can do to improve NFC security. First, if you're not using NFC capabilities on a device disable them. It's hard for someone to attack a technology if it's turned off. Second, apply firmware and operating system updates to devices regularly. If new NFC vulnerabilities occur applying patches is the quickest way to correct them. Finally, just be aware. Know how you're using an NFC technology and watch for unusual activity.
Fortunately, Near Field Communication technologies such as Bluetooth are well-designed and allow for secure use. Organizations should ensure that they follow basic security principles to provide a secure NFC experience for users.
- Comparing viruses, worms, and Trojans
- Backdoors and logic bombs
- Understanding the attacker
- Attack types: from denial of service to brute force attacks
- Preventing insider threats
- Wireless attacks
- Understanding cross-site scripting
- Preventing SQL injection
- Social engineering
- Scanning for vulnerabilities
- Penetration testing
- Assessing the impact of vulnerabilities