McAfee warns of NFC threat to mobiles

As near field communications (NFC) becomes a more popular feature on mobile phones, more attacks based on the technology will arise

Near field communications (NFC) could act as a gateway to a number of new security threats for mobile phones during 2013.

This was the conclusion of a report from McAfee released today, which claimed the rise of smartphones and tablets has made them more attractive to cyber criminals and specific features will be abused for them to gain entry.

NFC is commonly used for mobile payment systems where users can touch their phone onto a terminal and pay for their goods. However, McAfee has identified a worm which enables a device to pass on a virus to the reader, which in turn collects the information of everyone touching in and allows them to steal money.

“Last year, I saw a security researcher take over a phone entirely through NFC, not just taking data from it but using it, taking ownership of it,” said Raj Samani, chief technology officer (CTO) in EMEA for McAfee. “There are loads of vulnerabilities, tons of them already, and if you Google 'NFC threats', you will get 590,000 already. This will just grow.”

Raj Samani admitted NFC wasn’t a key feature everyone was using yet, but said it was better to act now rather than pay the price later.

“Not every handset has NFC, in fact nowhere near every handset has it, but this is the same conversation we had about BlueTooth when no one was using that,” he said.

“Getting people to understand they need security to protect them against these features being abused is a slow burner… and there is always the element that people aren’t aware of the risk.”

Sadly, Samani believed there would be a number of major incidents with mobile devices before adoption of security software and services to protect against such risks really ramped up.

“Look at Stuxnet five years ago,” he said. “No-one was talking about industrial cyber security at that point, now everyone knows about it.

“When it comes to security though, no matter what you do, new vulnerabilities will come out. If we have software integrated at the device level, network protections and good security education, we can combat them.”

Read more on Mobile apps and software