Because of its user-friendliness and cost-effectiveness, Near-Field Communication (NFC) applications are gaining popularity rapidly. As NFC applications have grown in popularity, attackers have targeted NFC entities (such as tags and readers) to access any stored data. NFC is a modern technology that allows for secure connection and convenience of usage. Nevertheless, this technology can open the door to massive hacks like scanning and other forms of identity theft.
Near-Field Communication (NFC) uses a universally available and licensed 13.56 MHz frequency to allow devices to communicate nearby of about 10 cm. The function of NFC is similar to that of RFID (radio frequency identification). The ability to operate in three separate modes is a significant advantage of NFC versus RFID.
- Active-passive, peer-to-peer, and card-emulation methods are all possible with NFC. In digital ticketing, the active-passive mode is commonly utilized.
- Card emulation mode is a digital ticketing and payment alternative to cards; Apple Pay and Google Wallet are implementations of card emulation mode.
- Peer-to-peer mode is largely used in mobile phones to create a fast Bluetooth or Wi-Fi pairing for data transmission and is primarily utilized via direct contacts, such as exchanging files from one mobile phone to the other.
A global standard for data recognition has been created: the NDEF (NFC Data Exchange Format) data format to ensure proper data collection from a passive tag through various devices. When an NFC device comes close to a tag defined by the NFC Forum, an NDEF message is sent.
What is the issue in terms of identity theft?
A new article looks at the active-passive mode and how to use registers in the NDEF tag to restore data that has been destroyed. Efficient data deletion from the NFC tag is critical because if the data is not correctly deleted, it could be exploited to steal personal information such as contact data, personal profiles, Wi-Fi passcodes, addresses, and balances.
NFC is commonly used for indoor location and standard recess locator (URL) forwarding, one of the implementations. The location or URL can still be obtained after using tags as indoor positioning nodes or URL forwarding and then deleting them using a standard application.
This article described a method for recovering data from an NFC tag that has been erased. To recover deleted data from an NFC tag that was shown as deleted on a smartphone app, the methodology uses a customized setup consisting of an Arduino UNO and NFC Shield.
Most users are also uninformed that their data may still be stored on the tag and can be recovered utilizing custom-made reader setups. Despite the availability of vendor-developed programs on the market, most users use standard tag erasure tools to remove data from the tag, which does not effectively destroy the data.
As a result, it is advised that all data be thoroughly wiped from the tag utilizing vendor programs that can entirely delete data from the tag’s memory blocks.
Developers should also write apps that entirely delete tags by writing 0xFF into all bytes of the tag rather than just adding an end-pointer at the beginning, which can deceive an NDEF reader but not byte-level reader equipment.