Editing Near-field communication (section)

== Security ==
Although the range of NFC is limited to a few centimeters, standard plain NFC is not protected against [[eavesdropping]] and can be vulnerable to data modifications. Applications may use higher-layer [[cryptographic protocol]]s to establish a secure channel.

The RF signal for the wireless data transfer can be picked up with antennas. The distance from which an attacker is able to eavesdrop the RF signal depends on multiple parameters, but is typically less than 10 meters.<ref>{{cite web | first = Gerhard P | last = Hancke | url = http://www.rfidblog.org.uk/Hancke-RFIDsec08-Eavesdropping.pdf | title = Eavesdropping Attacks on High-Frequency RFID Tokens | series = 4th Workshop on RFID Security (RFIDsec'08) | date = July 2008 | access-date = 2016-01-05 | archive-date = 2016-03-04 | archive-url = https://web.archive.org/web/20160304073920/http://www.rfidblog.org.uk/Hancke-RFIDsec08-Eavesdropping.pdf | url-status = live }}</ref> Also, eavesdropping is highly affected by the communication mode. A passive device that doesn't generate its own RF field is much harder to eavesdrop on than an active device. An attacker can typically eavesdrop within 10&nbsp;m of an active device and 1&nbsp;m for passive devices.<ref name="Security in NFC">{{cite web |first1=Ernst |last1=Haselsteiner |first2=Klemens |last2=Breitfuß |url=http://rfidsec2013.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf |title=Security in near field communication (NFC)] |access-date=2020-02-23 |archive-date=2020-08-05 |archive-url=https://web.archive.org/web/20200805030847/http://rfidsec2013.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf |url-status=live }}</ref>

Because NFC devices usually include [[ISO/IEC 14443]] protocols, [[relay attack]]s are feasible.<ref name="Note1">{{cite web|first=Gerhard P.|last=Hancke|url=http://www.rfidblog.org.uk/research.html#relay|title=A practical relay attack on ISO/IEC 14443 proximity cards|date=February 2005|archive-url=https://archive.today/20120912090338/http://www.rfidblog.org.uk/research.html%23relay|archive-date=2012-09-12|access-date=2008-07-13|url-status=live}}</ref><ref name="NFC Cyber Threats and Mitigation Solutions in Payment Transactions: A Review">{{cite journal|first1=Princewill|last1=Onumadu|first2=Hossein|last2=Abroshan|title=Near-Field Communication (NFC) Cyber Threats and Mitigation Solutions in Payment Transactions: A Review|journal=Sensors |date=September 2024|volume=24 |issue=23 |page=7423 |doi=10.3390/s24237423 |doi-access=free |pmid=39685959 |pmc=11644477|bibcode=2024Senso..24.7423O }}</ref><ref name="Timo Kasper et al.">Timo Kasper et al. 2007</ref>{{page needed|date=January 2015}} For this attack the adversary forwards the request of the reader to the victim and relays its answer to the reader in real time, pretending to be the owner of the victim's smart card. This is similar to a [[man-in-the-middle attack]].<ref name="Note1"/> One {{mono|libnfc}} code example demonstrates a relay attack using two stock commercial NFC devices. This attack can be implemented using only two NFC-enabled mobile phones.<ref>{{cite journal|first=Lishoy|last=Francis|url=http://eprint.iacr.org/2011/618|title=Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones|journal=Cryptology ePrint Archive|year=2011|access-date=2012-01-03|archive-date=2012-05-09|archive-url=https://web.archive.org/web/20120509145214/http://eprint.iacr.org/2011/618|url-status=live}}</ref>