How To: Protect Yourself From NFC Attacks

NFC-blocking wallets and sleeves prevent NFC skimming
NFC-Blocking wallets and sleeves prevent NFC skimming

There are lots of great benefits to NFC, as we’ve previously discussed here on UTB Blogs.

But like everything else, NFC has a dark side. Like just about every tool, NFC can be used as a weapon. It goes like this: a hacker walks or stands by you, briefly placing their Android phone right beside your wallet. Using an Android app, they copy the information that’s on your wireless bank card, credit card, passport, or any other card that supports RFID. The copying takes less than a second. They can even do it while they’re walking past you, and you’ll have no way of knowing that your information has been copied. You can see it in action here:

The Solution

To solve this problem, some people have decided not to use cards that support RFID. But there’s a another solution.

Being a BlackBerry user, when it comes to security, privacy and convenience, I’m used to having my cake and eating it too. And I don’t want that to stop. So, I have opted to solve the NFC hacking problem by using RFID-blocking shields for my cards and passport.

RFID-blocking products work as you would expect: they block the NFC/RFID signals, preventing the hacker’s phone from communicating with your cards.

You could make your own shield by simply making a sleeve or pouch out of aluminum foil. But that won’t last long, since the foil is very thin and fragile. Trust me, that was the first thing I tried.

Fortunately, there are many robust and stylish products on the market that will solve the problem. Here are your choices:

Sleeves — these are simply pouches that are lined with a metalic material that will block the NFC/RFID signal. They’re inexpensive and the good ones are pretty durable. The one I use for my passport (photo below) is made of the same plastic/paper material used to make wrist bands that you get at special events and concerts. If you’ve ever tried taking those bands off with your hands, then you know how tough it is. :-) You can get a pack of 5 at the UTB store: http://astore.amazon.com/utbblogs-20?node=7&page=3

NFC-blocking Sleeve
NFC-blocking Sleeve

Wallets — if you have several RFID cards, then you’re better off getting an RFID-blocking wallet. They’re like regular wallets, except they have an RFID-blocking layer in the material. Make sure you choose one that blocks the RFID signal even when the wallet is opened, since not all wallets are completely covered in signal-blocking material. We selected a few good ones for men, women and passports, and made them available on the UTB store: http://astore.amazon.com/utbblogs-20?node=7&page=3 .

NFC-blocking Wallets
NFC-blocking wallets prevent smartphones from using NFC to copy the info stored on your credit cards and bank card.

Backpacks and Suitcases — you can get some backpacks and suitcases that have a RFID-blocking compartment or pocket in them. I would never recommend anyone keep RFID cards in their backpack or suitcases, but the choice is yours.

Testing It

Before you start using your RFID-blocking product, you should test it to make sure it works. Testing it is very easy. All you need is a NFC tag and a phone that has a NFC scanning app, like BB10’s Smart Tag app. Here’s how you test the wallet:

  1. launch the NFC scanning app
  2. place your phone on the tag, to make sure it can read the tag.
  3. place the tag in one of the wallet’s card slots.
  4. place your phone over the slot that contains the NFC tag. If the phone detects the tag, then that slot is not blocking NFC/RFID signals. If the app doesn’t detect anything, then that slot is working.
  5. repeat the test for all the parts of the wallet and other RFID-blocking products that you want to store your cards in.

Check out the video we made, showing you how to test wallets:

BlackBerry Phones

But what about my BlackBerry ? Can’t the hacker use the same trick to copy data from, or put data on, my BlackBerry while it’s in my pocket ? Well, they can’t copy data from your BlackBerry, but they certainly can put data on it without you knowing, depending on how you set the NFC settings on your BlackBerry.

Don’t worry, BlackBerry has your back…again. To prevent this from happening to your BlackBerry, make sure that the Prompt before receiving option is selected in System Settings->Networks and Connections->NFC . That will force BB10 to prompt you every time someone tries to send data to your BlackBerry via NFC.

NFC Settings
Make sure the ‘Prompt before receiving’ setting is enabled.

And there you have it. If you have a card or passport with RFID in, then you can keep it safe from hackers while still enjoying its benefits.

bartron

I'm programmer with 13 years experience, and a former electronics technician. My first BlackBerry was a Z10, and I'm now rocking a Passport.

Top