- Security TWENTY
- Women in Security
Warnings about the use of contactless payment cards and Near Field Communication (NFC) capable devices are raised in a study published by the Institution of Engineering & Technology’s (IET) The Journal of Engineering.
Researchers from the University of Surrey received a contactless transmission from distances of 45cm to 80cm using inconspicuous equipment, highlighting security concerns to personal data. NFC is in use on more recent mobile phones and on contactless debit and credit cards issued by UK banks. The researchers used portable, inexpensive and concealable equipment including a pocket-sized cylindrical antenna, a backpack, and a shopping trolley. As the researchers say, none would raise suspicion in a supermarket queue or in a crowd. Using this equipment, the team showed how reliably eavesdropping could be carried out at various distances, with good reception possible even at 45cm when the minimum magnetic field strength required by the standard is in use.
The lead academic supervisor, Dr Johann Briffa, said: “The results we found have an impact on how much we can rely on physical proximity as a ‘security feature’ of NFC devices. Designers of applications using NFC need to consider privacy because the intended short range of the channel is no defence against a determined eavesdropper.”
Eleanor Gendle, IET Managing Editor at The Journal of Engineering, said: “With banks routinely issuing contactless payment cards to customers, there is a need to raise awareness of the potential security threats. It will be interesting to see further research in this area and ascertain the implications for users of contactless technology with regards to theft, fraud and liability.”
Paul Krause, Professor of Software Engineering at the University of Surrey, said: “Open access is vitally important in order to ensure that the results of publicly funded research are made available to all. It is particularly important for the stimulation of innovation in engineering where new enterprises may not have the financial resources to pay for a range of journal subscriptions. The IET has taken a very significant initiative in establishing a high quality open access journal that covers all aspects of engineering in one resource.”