NFCdrip Attack Proves Long-Range Data Exfiltration via NFC
NFC enables two devices to communicate over distances of up to 10 cm (4 in). The system, present in most modern smartphones, is often used for making payments, sharing files, and authentication.
Pedro Umbelino, senior researcher at application security firm Checkmarx has demonstrated that NFC can actually work over much longer distances and it can be highly efficient for stealthily exfiltrating data from air-gapped devices that have other communication systems – such as Wi-Fi, Bluetooth and GSM – disabled.
The attack, dubbed NFCdrip, involves changing NFC operating modes to modulate data. In the case of Android, changing NFC operating modes does not require any special permissions, making the attack even easier to launch.
NFCdrip uses on-off keying (OOK), the simplest form of amplitude-shift keying (ASK) modulation, in which the presence of a carrier wave signals a “1” bit and the absence of a wave a “0” bit. The exfiltration of 8 bits is required to send out one character, but researchers typically also suggest the use of additional bits for error detection.
In his experiments, Umbelino showed how a piece of malware installed on an Android smartphone can be used to transmit a password over tens of meters to another Android phone that is connected to a simple AM radio.
The researcher showed that data can be transmitted over a distance of 2.5 m (8 ft) without any errors at a rate of 10-12 bits per second. The transfer rate is maintained on a distance of 10 m (32 ft), but some errors appear, although they are corrected. As the distance increases, the signal fades and the number of errors increases, but Umbelino did manage to transfer some data over a distance of more than 60 m (nearly 200 ft). He also managed to exfiltrate data through walls over a distance of 10 m.
The range can be extended significantly if an AM antenna and a software defined radio (SDR) dongle are used, the expert said.
Umbelino noted that the attack may even work on some devices when airplane mode is activated, and highlighted that this is not an Android-specific issue – NFCgrip attacks can be conducted on laptops and other types of devices as well.
Checkmarx plans on making the NFCgrip PoC application open source. In the meantime, several videos showing the experiments conducted by Umbelino and a Hack.lu talk discussing the findings have been made available.
Müəllif
Metbuat.az
Qaynar xətt
0552252950
Həmçinin oxu
Süni intellekt üçün internet “Bakcell”dən
en.ictnews.az
DİGƏR XƏBƏRLƏR
Daha çox »Top xəbərlər
Layihələr
Son xəbərlər
Nazir ona vəzifə verdi
Bu gün
·
18:18
Milli Məclisin növbədənkənar sessiyasının son iclası keçiriləcək - YENİLƏNİB
Bu gün
·
17:28
Hərbçimiz vəfat etdi
Bu gün
·
17:08
Hasil Abbasov üç nəfərə yüksək vəzifə verdi
Bu gün
·
17:06
Şimşək çaxacaq, dolu düşəcək - XƏBƏRDARLIQ
Bu gün
·
17:04
Əli Əsədov Rusiyanın səhiyyə naziri ilə görüşdü
Bu gün
·
16:47
Rafael Ağayevə ağır itki üz verdi
Bu gün
·
16:35
Paytaxtda maşından meyit tapıldı
Bu gün
·
16:25
Azərbaycanda bank kartları ilə bağlı mühüm açıqlama
Bu gün
·
16:08
“Azərsun Holdinq” şəkər çuğunduru emalı həcmini 800 min tona qaldıracaq
Bu gün
·
15:54
Moda dizayneri Kamilla Məmmədzadə "Yes Couture"brendi ilə birlikdə Azərbaycan xalçalarından ilhamlanan kolleksiyasını təqdim etdi – FOTO
Bu gün
·
15:50
Salahın meneceri Türkiyədə: Bu kluba keçir
Bu gün
·
15:33
Oğuzda meyit tapıldı
Bu gün
·
15:25
Geomaqnit qasırğası olacaq
Bu gün
·
15:05
İstedadlı futbolçu qərarını verdi
Bu gün
·
14:47