Threat Category: Network Threats: NFC
Threat Description: Malicious NFC tags can be created that redirect the user to a malicious website or application, which can install malware on the target device.
NFC Threat Landscape 1
Near field communication (NFC) technology, vulnerabilities and principal attack schema 2
Use devices with NFC features and apps that explicitly request user authorization prior to following URLs or executing potentially harmful instructions on the device. See QR Codes and NFC Chips: Preview-and-Authorize Should be Default 3
To reduce the opportunity for this attack, disable NFC when that feature is not in use.
To further reduce the opportunity for this attack, protect the device from malicious signals using a NFC-blocking case when that features is not in use.
G. Vaughan, NFC Threat Landscape, OWASP Toronto chapter meeting, 31 Mar. 2013; www.owasp.org/images/3/38/NFC_Threat_Landscape_OWASP_Toronto_March_2013.pdf [accessed 8/24/2016] ↩
P. Paganini, Near field communication (NFC) technology, vulnerabilities and principal attack schema, blog, 13 June 2013; https://resources.infosecinstitute.com/topic/near-field-communication-nfc-technology-vulnerabilities-and-principal-attack-schema/ [accessed 7/27/2022] ↩
S. Cobb, “QR Codes and NFC Chips: Preview-and-authorize should be default”, blog, 23 Apr. 2012; www.welivesecurity.com/2012/04/23/qr-codes-and-nfc-chips-preview-and-authorize-should-be-default/ [accessed 8/24/2016] ↩