A hidden antenna was used by researchers to test the ease of sensitive customer data theft.
A paper was recently published, entitled “Eavesdropping near field contactless payments: a quantitative analysis”, which detailed a study in which researchers examined mobile safety attacks through NFC technology security meant for contactless payments transactions.
The researchers made an antenna that they hid on shopping carts using low cost electronics.
Their explanation for this effort was to test NFC technology security with a near field communication inductive loop antenna, which was employed for mimicking an ISO 14443 transmission. Then, in order to be able to actually “eavesdrop”, there was a second, identical inductive loop antenna that was installed onto a shopping cart, which they modified in order to transmit in a way that was like an antenna.
Even though NFC technology security has been touted as safe, researchers found the opposite.
The researchers in this study found that although near field communication based contactless payments are becoming increasingly popular in the United Kingdom and Europe, and that consumers are trusting this tech as safe, these transactions are actually more vulnerable than had previously been thought.
The belief that there could be problems is not new as some had already been pointing out certain vulnerabilities – three, in fact – as early as 2008. Since that time, hacking into near field communications transmissions for payments and directly relaying, skimming, or eavesdropping on sensitive data transmissions from customers has been in the spotlight.
Until now, services had not known how to make this tech both simple and reliable. This is how these transactions are now often viewed. However, these researchers, who are from the University of Surrey, have now looked further into the safety of the tech through the use of cheap and easily accessible electronics from stores. They were able to measure the distance, success rates, and a number of other factors.
What they showed, was that NFC technology security isn’t as high as some might think. They determined that if an attacker with the same equipment was to head out and “shop” for a consumer’s payments data, it would not be difficult for a cyber attack to occur through the use of these electronics, while pointing a shopping cart at the victim as he or she pays for the purchase.