Jan 6, 2017
In the NFC space, it is quite common to hear consumers asking if it is possible for them to copy their credit card or bus pass onto another NFC card. Fortunately, for security reasons, you generally cannot do this. Most commonly available NFC tags aren’t very complicated devices. Effectively, they are small chunks of read-write memory with a radio interface tacked on. However, a we mentioned in our post on cloning hotel cards, there are also advanced cards available with the ability to perform cryptographic authentication and enciphered communication.
Dec 12, 2016
It’s 2016, why does still Presto take 24 hours to update my balance? For those not in Ontario, Presto is our province-wide transit farecard system, which supports online topups, but with the caveat of requiring 24 hours for your balance to be updated. For those in Ontario, you’re probably already aware of this limitation there’s a good chance that you’ve heard some variation of the above quote. Indeed, it is 2016, so why does it take 24 hours for an online-topup?
Dec 5, 2016
In any secure application design, there are lots of things that must be considered. For lots of NFC-based application, one of these concerns is vulnerabilities to a type of man-in-the-middle attack called a relay attack. In post, we’ll look at what a relay attack is, why they’re dangerous even with encrypted communication, and how you can reduce the odds of one impacting your system. What is a relay attack In the common man-in-the-middle attack, the attacker inserts themselves in between two communicating parties.
Nov 21, 2016
When planning the security of a system, all of us developers love to get into the nitty gritty details of what NIST standards we’re implementing or the size of our keyspace. Unfortunately, this tendency can often end up resulting in missing the forest for the trees. By the same token, product managers can often make the dangerous mistake of believing that using a high difficulty randomly salted Argon2 password hash and 4096-bit RSA your application is automatically secure.
Nov 14, 2016
Encoding NFC tags has historically been a painful process for even the simplest of use cases. You could use a tool such as NXP Tag Writer on your Android device, but a mobile interface is very poor for many types of content creation. If instead you wanted to use a utility on your laptop or desktop, you were pretty much out of luck. Our Tappy Reader/Writer ChromeApp provides a multi-platform Chrome-based solution to this problemi using our TappyUSB readers, but what if you want to use TappyBLE devices or just want a standard native Windows application?
Oct 16, 2016
Lots of hotels, offices, and apartment buildings are now using NFC-based access control systems. As a result, plenty of people ask about the practicality of cloning their access card to produce a spare or emulating their card via an NFC-capable smartphone. In this article we’ll look into why, while theoretically possible, doing so is often not practical. Types of access control systems In order to discuss how NFC access control systems can be defeated, we must start with looking at how they work in the first place.