You've been redirected from MobilePaymentsToday.com to PaymentsDive.com. In March 2021, Mobile Payments Today became a part of Payments Dive. For the latest payments news, sign up for the daily newsletter.

NFC Forum issues statement on supposed hack

Published

Aug. 6, 2012

The security of NFC — or lack thereof — was much discussed after security expert Charlie Miller showed off a "hack" of several mobile devices at the recent Black Hat USA 2012 conference. Miller used built-in NFC capabilities in the devices to hijack them. The hack, however, was more a demonstration of potential issues with older versions of Android and Nokia mobile operating systems than it was a statement about any issues with the underlying NFC technology.

Basically, Miller was able to insert malicious code into mobile devices set to automatically run files they receive from another device via NFC. That's the default setting for some mobile devices and operating systems, and it leaves them open to being hijacked.

Unfortunately for NFC and mobile payments technologies, neither of which were shown to be insecure, the demo was followed by erroneous headlines about how a phone's "mobile payment chip" could lead to the device being hijacked.

Enter the NFC Forum, an industry association made up of technology companies, handset manufacturers and the others interested in promoting NFC. The forum also works to establish NFC standards and specifications so that the technology can be used across a number of applications. The group's director Debbie Arnold responded to the story in an attempt to allay any fears about NFC technologies.

In an email to NFC World, Arnold said the NFC Forum recognizes that NFC security is of utmost importance and it supports an active, dedicated security working group to address those issues. 

Miller's demonstration of a potential hack using NFC, Arnold said, "underscores the importance of providing appropriate security measures at the application layer and enabling users to adjust security settings to suit their own needs and preferences."

Arnold said the NFC Forum continues to push for security measures that effectively safeguard confidential user data.

For his part, Miller told NFC World that he hopes changes will be made to devices to let users choose whether they automatically accept and run files via NFC.

For more stories like this, visit the Security research center.