Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

NFCdrip Attack Proves Long-Range Data Exfiltration via NFC

Researchers have demonstrated that the near-field communication (NFC) protocol can be used to exfiltrate small amounts of data, such as passwords and encryption keys, over relatively long distances.

Researchers have demonstrated that the near-field communication (NFC) protocol can be used to exfiltrate small amounts of data, such as passwords and encryption keys, over relatively long distances.

NFC enables two devices to communicate over distances of up to 10 cm (4 in). The system, present in most modern smartphones, is often used for making payments, sharing files, and authentication.

Pedro Umbelino, senior researcher at application security firm Checkmarx has demonstrated that NFC can actually work over much longer distances and it can be highly efficient for stealthily exfiltrating data from air-gapped devices that have other communication systems – such as Wi-Fi, Bluetooth and GSM – disabled.

The attack, dubbed NFCdrip, involves changing NFC operating modes to modulate data. In the case of Android, changing NFC operating modes does not require any special permissions, making the attack even easier to launch.NFCdrip

NFCdrip uses on-off keying (OOK), the simplest form of amplitude-shift keying (ASK) modulation, in which the presence of a carrier wave signals a “1” bit and the absence of a wave a “0” bit. The exfiltration of 8 bits is required to send out one character, but researchers typically also suggest the use of additional bits for error detection.

In his experiments, Umbelino showed how a piece of malware installed on an Android smartphone can be used to transmit a password over tens of meters to another Android phone that is connected to a simple AM radio.

The researcher showed that data can be transmitted over a distance of 2.5 m (8 ft) without any errors at a rate of 10-12 bits per second. The transfer rate is maintained on a distance of 10 m (32 ft), but some errors appear, although they are corrected. As the distance increases, the signal fades and the number of errors increases, but Umbelino did manage to transfer some data over a distance of more than 60 m (nearly 200 ft). He also managed to exfiltrate data through walls over a distance of 10 m.

The range can be extended significantly if an AM antenna and a software defined radio (SDR) dongle are used, the expert said.

Umbelino noted that the attack may even work on some devices when airplane mode is activated, and highlighted that this is not an Android-specific issue – NFCgrip attacks can be conducted on laptops and other types of devices as well.

Advertisement. Scroll to continue reading.

Checkmarx plans on making the NFCgrip PoC application open source. In the meantime, several videos showing the experiments conducted by Umbelino and a Hack.lu talk discussing the findings have been made available.

Related: Hackers Can Steal Data From Air-Gapped Industrial Networks via PLCs

Related: Hackers Can Steal Cryptocurrency From Air-Gapped Wallets

Related: Hackers Can Stealthily Exfiltrate Data via Power Lines

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.