NFC Can Be Used to Steal Passwords Over Long Distances

Pedro Umbelino, a specialist at Checkmarx, has demonstrated a new method called NFCdrip, which allows small amounts of data (such as passwords or encryption keys) to be transmitted over relatively long distances using NFC technology.

The NFC protocol is designed to let two devices interact at distances up to 10 cm. This technology, implemented in many modern smartphones, is commonly used for payments, authentication, or file sharing. However, Umbelino discovered that NFC can actually operate over longer distances and can be effectively used to covertly extract data from physically isolated devices with Wi-Fi, Bluetooth, or GSM turned off.

How the NFCdrip Attack Works

The NFCdrip attack involves changing the operating mode of NFC to modulate data. On Android devices, this mode change does not even require special permissions, according to the researcher. NFCdrip uses on-off keying (OOK), one of the simplest forms of amplitude modulation, in which the presence of a signal is interpreted as a 1 bit and its absence as a 0 bit.

In his experiments, Umbelino demonstrated how malware installed on an Android device can be used to transmit a password to another Android gadget connected to a simple AM receiver, even when located dozens of meters away. Data can be transmitted without issues at a distance of 2.5 meters at a speed of 10-12 bits per second. At 10 meters, errors begin to occur, but according to Umbelino, they can be corrected. At even greater distances, the signal weakens and the number of errors increases, but the expert was still able to transmit some data at distances over 60 meters. This range can be increased further by using an AM antenna and an SDR receiver.
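For monitoring, the mode switching described above implies a burst of NFC state changes sustained for as long as data is being keyed. The following added example (not code from the researcher or the original article) flags such bursts in a constructed telemetry stream; the event format, window length, threshold and sample payload are assumptions.

```python
from collections import deque

BIT_MS = 100        # 10 bit/s, the lower rate reported in the article
WINDOW_MS = 5000    # sliding window (assumed tuning value)
MIN_TOGGLES = 15    # mode changes per window treated as keying (assumed)


def keyed_events(payload, start_ms, bit_ms=BIT_MS):
    """Constructed telemetry: one (timestamp_ms, state) record per OOK state change."""
    events, prev, slot = [], 0, 0
    for byte in payload:
        for shift in range(7, -1, -1):          # most significant bit first
            bit = (byte >> shift) & 1
            if bit != prev:                     # only a change of state is logged
                events.append((start_ms + slot * bit_ms, "on" if bit else "off"))
                prev = bit
            slot += 1
    return events


def find_keying_bursts(events, window_ms=WINDOW_MS, min_toggles=MIN_TOGGLES):
    """Return (start_ms, end_ms, toggles) for each run of sustained rapid mode changes."""
    bursts, window, current = [], deque(), None
    for ts, _state in sorted(events):
        window.append(ts)
        while ts - window[0] > window_ms:       # drop events older than the window
            window.popleft()
        if len(window) >= min_toggles:
            if current is None:                 # burst starts at the oldest event in the window
                current = [window[0], ts, len(window)]
            else:
                current[1], current[2] = ts, current[2] + 1
        elif current is not None:               # rate fell below threshold: close the burst
            bursts.append(tuple(current))
            current = None
    if current is not None:
        bursts.append(tuple(current))
    return bursts


# Constructed sample: three ordinary user toggles, then 80 bits keyed at 10 bit/s.
BENIGN = [(0, "on"), (60_000, "off"), (3_600_000, "on")]
SAMPLE = BENIGN + keyed_events(b"S3cr3t-key", start_ms=10_000_000)

if __name__ == "__main__":
    for start, end, toggles in find_keying_bursts(SAMPLE):
        print(f"possible OOK keying: {toggles} NFC mode changes in {(end - start) / 1000:.1f} s")
```

The threshold would need tuning against real device telemetry, since long runs of identical bits produce no state changes and lower the observed toggle rate.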

Potential Threats

According to the specialist, this method can work on devices in “airplane mode” and poses a threat not only to Android devices but also to laptops and other types of devices.