NFC Vulnerability! - NFC Hacking

http://phandroid.com/2012/07/26/hac...ble/?utm_medium=referral&utm_source=pulsenews
Sent from my HTC One XL using xda app-developers app

good read good thing i keep my nfc off all the time

Can anyone confirm that the radio is actually off when NFC is unchecked in settings?
Sent from my HTC One XL using xda app-developers app

This vulnerability affects very few users. Furthermore, those users that it does affect must have their phone's screen turned on for the vulnerability to be exploited. Surely if you have your screen on, you'd be aware of any foul play from third parties; why are you worried?

Screen has to be on and it has to be VERY close or near (hence the n in nfc)
Sent from my Nocturnal HOX

JamesR913 said:
Screen has to be on and it has to be VERY close or near (hence the n in nfc)
Sent from my Nocturnal HOX
Click to expand...
Click to collapse
Screen on, device unlocked *and* within a few cm of this device (this is the NFC antenna portion of the device, not just anywhere on the device).

I'm rather interested in how exactly this could be done. Though I reckon it could potentially be dangerous to publicly release that info, I could call it a case of "it's not a bug, it's a feature" and do pretty useful things with it. I'm thinking along the lines of making the phone connect to wifi, which without such hacks is only possible if the phone that scans it has one from a number of NFC apps installed. Pre-installing that app too just so you can log into wifi at someone's house kind of eliminates the purpose of using NFC to login in the first place.

If you programmed a NFC tag with a url that contained embedded javascript (or escaped characters that would later unescape to javascript) *and* the browser interpreted them instead of ignoring them or invalidating the whole url... maybe. But it's a big 'if'.
Most new-ish browsers now disallow Javascript in URLs. The other main attack vector would be a trusted site with reflected XSS vulnerability (ie, a site that renders URL-encoded parameters into the rendered page, like a 404 page that displays the requested URL within the error message), but it's more likely that an attacker would just host his own page since the URL target of a NFC tag is opaque until read, anyway.
The main thing: don't allow NFC to launch the browser without previewing the URL's value, and don't preview the url's value in any container that can be induced to interpret its content as HTML.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2

Well, if it is possible to make someone connect to wifi using javascript, then it might be interesting to put a small website online with just that bit of javascript. I could then put a hyperlink to that page in the NFC tag. Would still require internet access, but it would use a lot less data to work that way (the normal way is installing an app first, which costs way more data) and it would also be faster and require less actions. From the user's view, it is a lot more elegant. This would mean you don't have to inject the javascript directly into the url and run the risk of the url being blocked by the browser.
Bad side is that you will in all likelyhood practically be putting your wifi password on the internet. That might be a major security issue.
That is assuming it is possible to make devices connect to wlan using javascript, which I understand from your post it is, though I can't find out any information on this.
What do you think about this theory?

It depends mainly upon how Android handles NFC events. If it fires an intent that relays the NFC tag's content to a handler that blindly fires it off as another intent, or blindly opens it in a browser window... well... there's a good chance that Bad Things(tm) will eventually happen somehow. If Android makes at least half an attempt to sanitize the NFC-read content, and doesn't have any command-injection vulnerabilities along the way, it'll probably be OK.
I'm still reading up on Android's specific implementation of it. Much of what I wrote above is actually based on naive handling of QR-encoded URLs.
Speaking in the abstract, the worst thing I can imagine an end user doing today is downloading (or writing) cobbled-together handler with no sanity-checking or sanitizing that registers itself as a listener for NFC events, gets the user to make it the official handler, then does something completely stupid, like reading the String straight from the tag and using it to blindly construct a new Intent and fire it off. The thought of someone doing that gives me chills.

what if someone where to place a chip near a pay-pass location while using google wallet? what then?

A 'chip' ? Basically nothing, except possible denial-of-service due to interference (you can't read two tags simultaneously).
There's nothing magic about NFC. At the end of the day, it's basically a low-ceremony moderate-speed serial link that allows parasitic powering of low-cost radio+eeprom modules in the form of tags. It's what you and the software make of it.
NFC payments are no more or less inherently secure than online paypal purchases encrypted with SSL. In the grand scheme of things, the actual data transfer is usually the *least* of your problems, compared to how the data is stored on your end & handled on the other end.
Would you ever allow your PC to indiscriminately send $10 via Paypal to anybody who manages to plug in a flash drive for 7 seconds? Then don't run a payment client that automatically satisfies any payment request you literally wave in front of it without at least requiring some form of affirmative confirmation & approval from you.
Can a badly-implemented NFC app be cloned or impersonated? Sure. And so can your Visa card, if you hand it to the waiter & he swipes it through his own capture device when you aren't looking. That's why you never, ever want to agree to TOS that leave you on the hook for basically unlimited charges.
NFC payments backed by Visa or Mastercard are a wonderful thing. If somebody defrauds you, you fill out a form, file a police report if necessary, and maybe pay $50 if you have bad credit & your issuer feels like they can screw you as a subprime customer. Otherwise, that's the end of it, unless the bank can prove you committed fraud or engaged in wantonly reckless and unfathomably stupid behavior.
NFC payments backed by my checking account, and no daily hard purchase limit like $50? No. Way. In. HELL. I had a debit card stolen 10 years ago. By the time the bank contacted me, my account was overdrawn by almost $5,000. For almost a week, I couldn't even cash a check from my parents, because it would have just gotten absorbed by the overdraft. I spent 2 days just fighting with the bank to get the ongoing $29+ overdraft fees (for legit expenses autopaid after the thief overdrew my account) waived (after they finally credited the fraudulent charges back to me, ~2 weeks after it happened, and I was able to argue that they wouldn't have *been* overdrafts if the bank had done its job and noticed charges for stores and things I've never bought in my life). The truth is, it's *very* hard to unwind and fix a checking account catastrophe.
So, in summary:
* wave my phone over a sensor to blindly pay $3 and board a subway train that's going to depart without me in 17 seconds if I don't run like a mofo up the escalator, paid from a fund that gets topped off $25 at a time, at most twice per week? Sure.
* wave my phone over a vending machine that requires a pin code the first time I do it at a new location, is backed by a credit card, and maxes out at $10/day? Sure.
* ditto SPECIFICALLY for Taco Bell.
Bigger charges? Ask me, and make me explicitly authorize them after demonstrating my knowledge of a passphrase.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2

NFC is absolutely insecure. It was discussed by Steve Gibson of GRC on last week's (Oct 3rd) podcast of Security Now.
http://twit.tv/show/security-now/372

It was discussed by him, and if you read the whole thing, he basically said exactly what I did. NFC itself is security-neutral. It's a slow short-range wireless serial port.
If someone wrote a proof-of-concept app that ran on your PC, monitored COM1 at 9600-8-N-1 & responded to "transfer://amt=100&acct=123456789" by blindly transferring $100 to account #123456789 without even asking for confirmation, would you declare that serial ports are "totally insecure", too?
NFC is a hardware capability. Nothing less, nothing more. Software can use it for good *or* mischief. Include a compensating control that requires physical affirmation of intent, and legal controls to limit your total liability, and its use for payment is no worse than a prepaid transit card. Security isn't a thing, it's a process with layers of things, some of which WILL occasionally fail.
Remember, if a mugger marches you up to an ATM with a gun in your back, the bank isn't going to refund your withdrawal, either.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2

bitbang3r said:
Remember, if a mugger marches you up to an ATM with a gun in your back, the bank isn't going to refund your withdrawal, either.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
Click to expand...
Click to collapse
WOW that sucks. My bank would. Sucks to be you.
Sent from my squirrel.

Related

How much risk would you take with personal details stored on your mobile device

I've started a new thread rather than tacking this on to a software recommendation thread, as I'm just trying to get an idea of peoples view on risk rather than comments on particular software.
Having started to drive myself mad trying to remember logons for online accounts like amazon, ebay etc. I'm now really stuggling with the extra level of security some ecommerce sites like ticketmaster are using like RBS secure pass. I have enough difficulty remembering logons and passwords for the main sites and now have to remember yet another set just to complete the purchase.
So really my question is what level of information would you store on your device? I'm currently looking at ewallet and am happy with the software and purchase price, but they suggest storing everything; bank account details, logons and pins; credit/debit cards numbers and pins; ecommerce site logins etc. Do you trust storing such sensitive details on a portable device? They say they use government-level (FIPS) 256-bit AES encryption, do people feel that's secure enough and uncrackable? At the moment I generally use a variation of the same password with different numbers on the end even for ecommerce sites, so it's got to be better than that! I'm not overly worried about protecting discussion site log on's though. I guess you could setup "wallets", one for ecommerce site, one for bank account details etc, so multiple accounts would have to be hacked, but then you're back to having to remember (and periodically change) multiple passwords. I've also just thought that the phone is pin protected as well and the password data is stored on the phone rather than the memory card, so that's another level of protection.
I guess it's just a case of weighing up the risks, i.e. relying on my ever more flakey memory, but possibly only compromising one site, although that could include bank accounts, or risking the lot, but (hopefully) stored in a much more complete, effecient and secure method and actually doing the recommended changing passwords every month. If I don't trust the software, then it's back to using my failing memory or bits of paper Having just sorted out my late mothers possessions I found a notebook with all her bank account details, pins, passwords etc
i'm using eWallet from Ilium on both my wm phones and pc...it's secure (256-bit FIPS-197 AES) enough for me (u can use long passwords, set lockout times after unsuccesful logins).
to be honest if you are milionare you may need to be careful with using this sort of software but being quite normal, average earning human being i think that no hacker would like to spend weeks or months to try to hack my eWallet. and even if someone would be so patient, as soon as my phone would have been (god forbid) stolen i know that i have good few weeks to change all my sensitive data with banks and other social network websites and eShops...
marasp said:
i'm using eWallet from Ilium on both my wm phones and pc...it's secure (256-bit FIPS-197 AES) enough for me (u can use long passwords, set lockout times after unsuccesful logins).
to be honest if you are milionare you may need to be careful with using this sort of software but being quite normal, average earning human being i think that no hacker would like to spend weeks or months to try to hack my eWallet. and even if someone would be so patient, as soon as my phone would have been (god forbid) stolen i know that i have good few weeks to change all my sensitive data with banks and other social network websites and eShops...
Click to expand...
Click to collapse
Thank you for a down to earth answer. May be I'm being a bit too paranoid. As I said in my first post, anything's got to be better than my current flawed system.

So, I made my first NFC payment today...

I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Deanwvu said:
Am I missing something?
Click to expand...
Click to collapse
Did you get your $10?
I don't know about purchases but I have some cool ideas about things to do with my new NFC tags.
Deanwvu said:
I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Click to expand...
Click to collapse
It's the overall potential to removing all the clutter of having multiple credit cards with multiple bills and a wallet full of info that is hard to recover. If I lose my Wallet I have to call all my credit card companies and cancel all my cards then have to wait for them to resend them in the mail. With this I can easily recover with just a new phone. It sucks right now because not many people accept it but you are considered an early adopters if you join right now so there is going to be some teething pains you're going to go threw. Also think of this as like those key chain things that gas stations use for easier and faster gas purchases. It's like that but on a bigger scale
Sent from my LG-P999 using xda premium
Buff McBigstuff said:
Did you get your $10?
Click to expand...
Click to collapse
I did It was certainly worth $10 to give this a go!!
psychoace said:
It's the overall potential to removing all the clutter of having multiple credit cards with multiple bills and a wallet full of info that is hard to recover. If I lose my Wallet I have to call all my credit card companies and cancel all my cards then have to wait for them to resend them in the mail. With this I can easily recover with just a new phone. It sucks right now because not many people accept it but you are considered an early adopters if you join right now so there is going to be some teething pains you're going to go threw. Also think of this as like those key chain things that gas stations use for easier and faster gas purchases. It's like that but on a bigger scale
Sent from my LG-P999 using xda premium
Click to expand...
Click to collapse
I can see that as an advantage, perhaps. Maybe there will be a day when I walk out of my door carrying only my ID, my phone, and my car keys, but not yet. I do not trust my phone to be working all the time every day. All it would take is one phone failure when I actually need to purchase something to sour the experience for good.
Again, when it comes to purchasing goods/services, I think simple is best. Time will tell.
Security. Your credit card is an archaic tool rife with vulnerabilities. Chip based payment systems are arguably more secure.
psychoace said:
It's the overall potential to removing all the clutter of having multiple credit cards with multiple bills and a wallet full of info that is hard to recover. If I lose my Wallet I have to call all my credit card companies and cancel all my cards then have to wait for them to resend them in the mail. With this I can easily recover with just a new phone. It sucks right now because not many people accept it but you are considered an early adopters if you join right now so there is going to be some teething pains you're going to go threw. Also think of this as like those key chain things that gas stations use for easier and faster gas purchases. It's like that but on a bigger scale
Sent from my LG-P999 using xda premium
Click to expand...
Click to collapse
Damn, I really got to stop typing long crap like that on my cell phone. I need punctuation damnit.
I tried it a while back at Best Buy, especially since Google is handing out a free $10. Yeah, it's nothing special, but I like the idea of keeping some cash on there in case I ever leave my wallet at home. I've gone out of town on business before only to get 2 hours down the road and realize I don't have my wallet. I NEVER leave my phone. It's a good option to have.
psychoace said:
Damn, I really got to stop typing long crap like that on my cell phone. I need punctuation damnit.
Click to expand...
Click to collapse
I've seen much worse
Sent from the MIUI powered E3D
Deanwvu said:
I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Click to expand...
Click to collapse
It's because you're now old school.
Don't worry I argued this same point - there's not much appeal when I have to carry a wallet anyway for my ID and some cash for places that charge for credit cards. Google wallet takes more work than paying for a card for me.
But I could see this being a fundamental shift in payment for younger generations who might have a phone but no real need for a wallet - who will grow up used to this system.
The real issue at the moment is battery life, I'm sure 5-10 years from now week+ battery life will be the norm and using phone for everything will become acceptable. Phones will also not be so fragile (cough iphone) so it will be as reliable as a piece of card (or almost).
Personally though, I think an NFC card would be way more convenient. It could be the size of a credit card, with a touch screen interface that lets you use it for payment or as a driver's license. But this kind of tech is probably at least 10 years away.
Can I ask you guys which method is the best one out there ?
I do have root.
http://forum.xda-developers.com/showthread.php?t=1365360
or
http://forum.xda-developers.com/showpost.php?p=20404813&postcount=350
I think I'm a little confused by wallet. I know it wasn't inclued out of the box because of Verizon. I was able to download it from the market, install and activate it. I have the $10 and went to test it. I went to pay and the phone said sent but did not display the merchant for confirmation and the merchant didn't receive it either. They are supposedly setup for it. Do I need to grab one the other APKs and reinstall or is there any ideas you guys may have? I've searched plenty and saw no mention of what I'm experiencing. Thanks for any insight.
+1
Thank you!
finally some one that sees the truth
Deanwvu said:
I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Click to expand...
Click to collapse
Deanwvu said:
I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Click to expand...
Click to collapse
I am on the fence, see the pros and cons with both...but eventually when the NYC MTA implements this technology broadly it would pretty sweet to use if you happen to misplace or forget your train ticket and/or metro card
For now, I have to agree. It is less convenient than just using a card.
What would ultimately be really cool is to replace all those things we're talking about with just your phone. Unlock your house, start your car, verify your identity, pay for stuff... all with one device. But until I can ditch my wallet and keys entirely, it's just another way to complicate things instead of a solution to make life simpler. Can't wait for the future!
I've now used it at about 5 different locations and it's pretty fast, with much potential. assuming you've entered your pin ahead of time, it's faster than paying with a physical card. my phone hasn't crashed for more than a month (since going to custom roms) and fcs are extremely rare. therefore it's as reliable as I expect it to be
Sent from my Galaxy Nexus using xda premium
My phone gave me fits when I tried to use Google Wallet at Rite Aid. Fortunately the cashier mived the rest of the line behind me to a free register so I could keep trying, because I had to start over like 8 times. It's a nice gimmick for now, but it won't really be practical until more businesses support it and the bugs get worked out.
Terminators run on Android
I see the appeal in that my phone is quickly becoming my life "tool"
First it integrated my iPod/music player, now does movies, now does hand held games, mobile web browser and email means its now used for work purposes... replicon now has timesheet app so it also records my time in/out of a job......google wallet is now what I use to pay for groceries at the store instead of carrying my wallet in my pocket and possibly loosing my wallet... if my phone is lost, they have to go through 3 passwords before getting to my wallet.
Im thinking more of it as a "why not"... my phone is becoming more and more useful
out for a run with only my phone, need a drink, run into cvs, swipe phone
I used it at 7-11 yesterday just to test it with the free $10. It worked flawlessly but I don't see replacing my wallet until everyone accepts this interface.
I would use it more now if I was able to add my Wells Fargo debit card. Hopefully the ability to add any type of debit/credit card will be the next stag of evolution for this service.
Sent from my Galaxy Nexus
One advantage is that you can see all your previous transactions electronically more conveniently (not having to log into your credit card account, or wait a day or two before the transaction showing up there).
Another advantage is that coupons and deals can be used more easily. For example, right now if you go into Google Wallet, you can choose offers like 15% off entire purchase at Gap & Banana Republic when you pay with NFC. The offers are pretty limited right now, but I reserve my judgement until Google Wallet or Isis (Verizon/AT&T/T-Mobile NFC payment system) take off.
In principle, it is more secure since even if you lost your phone, with your phone unlocked, other people can't use it for NFC payment since it requires an additional PIN code. But then of course losing the phone itself probably costs a lot too...
If Google Wallet or Isis gain traction, more credit card companies will jump in. And hopefully that means you can add more credit cards can be stored on your phone, eliminating the need to carry a number of physical cards.
Oh... and it saves a lot of time for a typical female not having to find an additional item in their over-stuffed purses.

Google is the biggest reason behind the poor development of NFC

First of all, Google have full control of the NFC secure element in Nexus devices. This means that any company that wants to build an application that requires high security or the card emulation feature must beg Google for access. But Google are the good guys, right? Maybe not. Kaching wanted to build a NFC wallet for Android, but they say they've been given the cold shoulder by Google. Source here. How convenient that a potential competitor to Google Wallet is denied access, aye?
A related note is that card emulation is not possible for consumers in Android's current state. Let me give you an example of how card emulation would be useful in your everyday life: in your office or school you probably have NFC door access, and perhaps NFC printing and food payments. Many of these systems simply read the unique ID of the card and then associate that card ID with your account on the system. BlackBerry users have card emulation, meaning that they can use their phones with existing infrastructure. I've experienced this myself - my friend's BlackBerry can now be used to pay for his food and to gain entry to the building. Google have disabled this in Android - my Nexus spits out a random ID each time it's placed on the reader. If Google simply provided an application that allowed us to emulate one card at will, this would not be a problem. But they don't.
NFC could soon become a must-have feature on every phone. It certainly has the potential. However, the restrictions that Google have placed on NFC in Android will make gaining popularity very difficult.
Evangelion01 said:
First of all, Google have full control of the NFC secure element in Nexus devices. This means that any company that wants to build an application that requires high security or the card emulation feature must beg Google for access. But Google are the good guys, right? Maybe not. Kaching wanted to build a NFC wallet for Android, but they say they've been given the cold shoulder by Google. Source here. How convenient that a potential competitor to Google Wallet is denied access, aye?
A related note is that card emulation is not possible for consumers in Android's current state. Let me give you an example of how card emulation would be useful in your everyday life: in your office or school you probably have NFC door access, and perhaps NFC printing and food payments. Many of these systems simply read the unique ID of the card and then associate that card ID with your account on the system. BlackBerry users have card emulation, meaning that they can use their phones with existing infrastructure. I've experienced this myself - my friend's BlackBerry can now be used to pay for his food and to gain entry to the building. Google have disabled this in Android - my Nexus spits out a random ID each time it's placed on the reader. If Google simply provided an application that allowed us to emulate one card at will, this would not be a problem. But they don't.
NFC could soon become a must-have feature on every phone. It certainly has the potential. However, the restrictions that Google have placed on NFC in Android will make gaining popularity very difficult.
Click to expand...
Click to collapse
My question to you is, how is Nokia progressing with NFC in the development department? RIM?
Secure Element isn't something to be opened to every developer, because it totally undermines it's purpose if everyone has access to it.
I guess you don't fully understand the reason why Google disabled the card emulation.
As you said, some places use an NFC card for payments. Imagine someone that creates an app that emulates the card. But instead of the 10$ you've got on your card, the app tells that you've got $150 dollar on the card.
So, how can a school use NFC in a phone for payment? Simple, create a new NFC system with a secured(!) app, which transfers the data by NFC. Just like Google Wallet does. Google Wallet doesn't emulate an NFC card, it just transfers data though NFC and the receiver knows how to handle that data.
So, there are two things that need to be done:
- Create a new system that communicates with the device, instead of letting the system think it's just an NFC card.
- Wait until more users have got NFC in their phones. For now, only the HTC One series, the SGS3, the Nexus S and Galaxy Nexus contain NFC. Maybe a few more, but that's it.
adrynalyne said:
My question to you is, how is Nokia progressing with NFC in the development department? RIM?
Secure Element isn't something to be opened to every developer, because it totally undermines it's purpose if everyone has access to it.
Click to expand...
Click to collapse
As I mentioned, RIM allows card emulation. BlackBerry devices are compatible with existing infrastructure without having to develop new applications or authentication methods.
The Commonwealth Bank of Australia is not 'every developer'. They're a bank for Christ's sake. Obviously Google can't open the secure element to layman developers, but they're locking out financial institutions too?
fifarunnerr said:
I guess you don't fully understand the reason why Google disabled the card emulation.
As you said, some places use an NFC card for payments. Imagine someone that creates an app that emulates the card. But instead of the 10$ you've got on your card, the app tells that you've got $150 dollar on the card.
So, how can a school use NFC in a phone for payment? Simple, create a new NFC system with a secured(!) app, which transfers the data by NFC. Just like Google Wallet does. Google Wallet doesn't emulate an NFC card, it just transfers data though NFC and the receiver knows how to handle that data.
So, there are two things that need to be done:
- Create a new system that communicates with the device, instead of letting the system think it's just an NFC card.
- Wait until more users have got NFC in their phones. For now, only the HTC One series, the SGS3, the Nexus S and Galaxy Nexus contain NFC. Maybe a few more, but that's it.
Click to expand...
Click to collapse
As I mentioned, many schools don't actually write any information onto the NFC cards. The cards are empty. They simply link the UID of the card to a person's account on their backend system. This is how my school works. This way, there's absolutely no possibility of someone obtaining free food/money. And that's why my friend is able to use his BlackBerry on our system. Card emulation gives him a constant UID. My Nexus' p2p mode chucks out a random UID, meaning that it's not possible.
All Google would have to do to fix that is release an application that uses the secure element to allow us to emulate a single card with a constant UID. Then I too would be able to add my Nexus to the system.
Where are visa and MasterCard? Only when these giants get on board will nfc take off.
Trust me whenever the iphone has nfc than nfc will take off and become a "standard" among phones. Just like the front facing camera :banghead:
Sent from my myTouch_4G_Slide using Tapatalk 2
Hotshot205 said:
Trust me whenever the iphone has nfc than nfc will take off and become a "standard" among phones. Just like the front facing camera :banghead:
Sent from my myTouch_4G_Slide using Tapatalk 2
Click to expand...
Click to collapse
Wait, are you saying now that apple was a pioneer of a front facing camera?
My daughters brand new first gen iphone had a ****ty 2 meg camera (just one), while my n95 had a front facing one and a main one -5meg on carl zeis optics.
Imho, the only thing apple does well is design. The sales and the place on the market is through the design in a first place.
I remember how their phone wouldnt have mms, bluetooth connection (apart from a headset) and pretty much no file transfer or interconnectivity -a phone!!!
Symbian may be dead now, still, a much better system than osx as far as I installed and fiddled with both of them.
Sent from my ST18i using XDA
Regrettably, Hotshot205 is right. iPhone = traction. Lots of the features in iPhones existed on phones before they showed up on iPhone. But, all those fanboys will tell their friends and try to make phandroids jealous. Would you give a damn about Instagram if not for all the iTards going on and on about it? We had better photo-sharing apps before that, but nobody cared. Rumor has it the next iPhone will have NFC, and if it does, I bet we suddenly see a lot more use for a technology we had a year earlier.
Yeah that our hardware to be used at stores, to enable a wave and pay are not in alot of areas. Wait till visa and Samsung start pushing this hard during the Olympics
Sent from my Galaxy Nexus using Tapatalk 2
Wouldn't the Isis nfc system also be part of problem with nfc development?
Google isn't the only blockade to NFC
The NFC P2P protocol is what is most used for facilities access applications on Android. There are systems that take advantage of this on the market already. Some systems for access control are fundamentally incompatible. All our NFC enabled phones are capable of handling this protocol.
As for Google holding up NFC. I can see how card emulation can be a thorny issue for Google. You would need access to the secure element and that might provide unintended exploits for scams and fraud. Would you want to be liable?
Individual banks are responsible for including the established NFC features Visa and Mastercard have already implemented. Not only are they loathe to change but they are also tightwads and don't want to issue millions of cards with chips in them or build the infrastructure to manage them. The are also paranoid about access to the information stored in the NFC secure element.
Merchants also must not only purchase and install the POS terminals that are NFC enabled but they also must be troubleshooters and educators for people that have trouble using their NFC cards. I can't tell you how many times I've tried to use Google Wallet at a merchant but couldn't because the clerk didn't know how to use it. Of all the places I use my cards at, only about 15% actually have the POS terminal for NFC transactions.
And while I'm not including the typical XDA member, people are paranoid. My 85 year old father refuses to use his credit union Visa debit because he thinks it's less secure than writing a check. He comes to me to order stuff online with my AmEx card... he's never going to change.
As far as Apple is concerned, they will bring a monolithic install base that will bring critical mass to the party. All those iPhones running around asking to pay with their iBucks will probably push us over the cliff and you'll see a much more rapid deployment of POS readers. Nobody will know what Apple is doing until it's released. I've not even heard any credible chatter for inclusion of NFC in the next iPhone.
I know I've rambled on a bit. But I doubt Google is as big a barrier as you would think. I think it's more likely the banks, merchants, not having critical mass for full scale deployment, etc.
EDIT
I just found an article at Forbes outlining a patent from Apple about an iWallet using the bluetooth 4 low power features... interesting but very disruptive for the ecosystem.
http://www.forbes.com/sites/anthony...t-paves-way-for-next-iphone-to-be-an-iwallet/
Hotshot205 said:
Trust me whenever the iphone has nfc than nfc will take off and become a "standard" among phones. Just like the front facing camera :banghead:
Sent from my myTouch_4G_Slide using Tapatalk 2
Click to expand...
Click to collapse
You obviously don't know what your talking about. Android phones has FFC before iPhones. Many features appear in Android way before in iOS (I.e. notifications, NFC, face unlock, etc.). The list goes on.....
Sent from my Galaxy Nexus using Tapatalk 2
jokerzx12 said:
You obviously don't know what your talking about. Android phones has FFC before iPhones. Many features appear in Android way before in iOS (I.e. notifications, NFC, face unlock, etc.). The list goes on.....
Sent from my Galaxy Nexus using Tapatalk 2
Click to expand...
Click to collapse
He never said otherwise. He said it didn't "take off" until the iPhone.
jokerzx12 said:
You obviously don't know what your talking about. Android phones has FFC before iPhones. Many features appear in Android way before in iOS (I.e. notifications, NFC, face unlock, etc.). The list goes on.....
Sent from my Galaxy Nexus using Tapatalk 2
Click to expand...
Click to collapse
Please try reading before bashing..
Wilsonium said:
The NFC P2P protocol is what is most used for facilities access applications on Android. There are systems that take advantage of this on the market already. Some systems for access control are fundamentally incompatible. All our NFC enabled phones are capable of handling this protocol.
As for Google holding up NFC. I can see how card emulation can be a thorny issue for Google. You would need access to the secure element and that might provide unintended exploits for scams and fraud. Would you want to be liable?
Individual banks are responsible for including the established NFC features Visa and Mastercard have already implemented. Not only are they loathe to change but they are also tightwads and don't want to issue millions of cards with chips in them or build the infrastructure to manage them. The are also paranoid about access to the information stored in the NFC secure element.
Merchants also must not only purchase and install the POS terminals that are NFC enabled but they also must be troubleshooters and educators for people that have trouble using their NFC cards. I can't tell you how many times I've tried to use Google Wallet at a merchant but couldn't because the clerk didn't know how to use it. Of all the places I use my cards at, only about 15% actually have the POS terminal for NFC transactions.
And while I'm not including the typical XDA member, people are paranoid. My 85 year old father refuses to use his credit union Visa debit because he thinks it's less secure than writing a check. He comes to me to order stuff online with my AmEx card... he's never going to change.
As far as Apple is concerned, they will bring a monolithic install base that will bring critical mass to the party. All those iPhones running around asking to pay with their iBucks will probably push us over the cliff and you'll see a much more rapid deployment of POS readers. Nobody will know what Apple is doing until it's released. I've not even heard any credible chatter for inclusion of NFC in the next iPhone.
I know I've rambled on a bit. But I doubt Google is as big a barrier as you would think. I think it's more likely the banks, merchants, not having critical mass for full scale deployment, etc.
EDIT
I just found an article at Forbes outlining a patent from Apple about an iWallet using the bluetooth 4 low power features... interesting but very disruptive for the ecosystem.
http://www.forbes.com/sites/anthony...t-paves-way-for-next-iphone-to-be-an-iwallet/
Click to expand...
Click to collapse
The P2P protocol will not do anything for the proliferation of NFC. Existing infrastructure does not use P2P, and that Google are trying to push it is laughable. When a person sees that their phone can give them access to their buildings using hardware that has been deployed for years, they'll sit up and notice. That's the case with BlackBerry.
The banks are only an issue because they're trying to get a cut. They know that NFC is coming. HSBC have made NFC-enabled cards the standard now. Barclays have issued over 21 million NFC-enabled cards; they're even giving away NFC stickers and wristbands. Even over there in America, many banks issue NFC-enabled cards as standard.
The merchants are adopting NFC at a fast pace now. Just last week the UK Post Office announced it would be installing NFC terminals into all 11,500 of its stores by October. A number of supermarkets are rolling out NFC terminals. Many small mom-and-pop shops even have NFC terminals.
The biggest issue for Android and NFC is Google. The people that want to use NFC to its fullest can't, because Google Wallet is so limited in terms of supported banks/countries/devices. Then when competing companies want to make an NFC Wallet, Google shuts them out. There was a company who wanted to make NFC-based door locks, but Google wouldn't give them access to the secure element. Obviously you can't just give anyone access to the secure element, but Google are turning their backs on established businesses. They're stifling development. Why do you think the Nexus devices don't have MicroSD slots? It's very possibly because MicroSD cards can be used as removable secure elements which Google can't control. Same with SIM cards, which is why it's still unclear whether the Nexus devices can use SIM cards as secure elements.
Take the Galaxy S3. Its embedded secure element is controlled by Samsung, but it can also use the SIM card and the MicroSD card as secure elements. Samsung have already provided Visa and Lloyds access to the secure element for NFC payments at the Olympics. Can't say the same for Google and the Nexus devices.
Hotshot205 said:
Trust me whenever the iphone has nfc than nfc will take off and become a "standard" among phones. Just like the front facing camera :banghead:
Sent from my myTouch_4G_Slide using Tapatalk 2
Click to expand...
Click to collapse
Yep. We can just hope they Apple will add NFC to the next iPhone.
Thanks for everyone who took up for my post. I never said apple made it they only made it cool or the "in the happening" I've used so many different phones its not even funny and my first phone with a front facing camera was the Nokia N95(still one of my favorite phones) Nokia been had ffc, I remember using fring for GOD sakes lol. So I'm not a noob to technology but I know apple marketing is crazy when they add new features that's been out before it hits their phone. Plus I wish the new Apple iphone have nfc. It will give nfc the push it needs to get off the ground. While android will still have cooler nfc apps in my opinion.
Sent from my myTouch_4G_Slide using Tapatalk 2
...ftr -
N95 release 2007, front camera-VGA, main-5Mpx (carl zeis)
3 years later...
Iphone 4 2010, front camera-VGA, main-5Mpx
btw, I put my old N95 to envirophone, was offered 65 Euro,
same age iphone-10 Euro.
lol
not to sound harsh now, Steve Jobs did a lot for the technology, design and innovation in all his areas, somehow, I dont think apple will do as well without him, just like they didnt do well without him before -just my opinion
sorry off topic
Nfc needs a universal standard or be narrowed to 2 or 3 standards for it to become competitive and viable. Apple may or may not give this momentum. Personally, i think they will. Too many companies want their cut for digitally touching your money. Sad but true. And hope i don't ever hear an apple user saying something stupid like apple invented nfc or smartphone payments. Been through that too many times with other 'established' or 'invented' technologies. Like apps. And voip. Even the smartphone itself. Ugh.
...

Is Apple partially right?

Ive been thinking over this past couple days over a few things since the launch of iphone 5. One thing which caught my attention was lack of NFC in iphones 5th edition.
So I have NFC in my GS3 and its a cool feature to tell people about but I havent used it for anything. It's an upcoming technology and for now its nothing more useful than playing with nfc tags (which is fun). But would lack of NFC hurt anyone. How much would u have missed it if it wasnt in ur GS3?
I know some of us have been able to hack gwallet but i dont think a company like samsung makes decison based on some of us who can fully utilize a technology
(If u dont like my qn dont hate me, dont call me isheep or other names as ive never owned any iphone)
Looking for a healthy discussion
Sent from my SGH-T999 using xda app-developers app
I haven't used it either. Don't feel bad its not that big of a deal. What's the point of putting technology in a phone if it can't be used in practical life situations.
Sent from my SGH-T999 using xda premium
the people that work at Apple are smart. Their stock is up right, now. But, they are on their way out.
They don't have the vision. Especially without Jobs to keep the public happy overpaying for apps and songs
Sent from my SGH-T999 using xda premium
Well, I think NFC is an upcoming technology, and like any other before that, the success of a new technology depends on various factors such as adoption rate, business value added, ease of use, and the support of technology consumer in his case merchants and end user.
If Apple put NFC in their latest iphone, that will boost the adoption rate as like it or not they have millions users. However even without apple's support of NFC, if most of other smartphone manufacturer especially android put NFC in the phone and merchants start to accept NFC as mode of payment, I believe apple will put NFC in the next release of iphone.
Sent from my GT-I9300 using xda premium
It's better to have it not need it.. than to need it not have it..
What bad is it doing us?
Very good point but I guess apple likes to prepare its user for an upcoming technology and then gradually guide them into its usage and then make money off of them, which they r doing thru passbook. Which isnt a bad way of selling a service coz my 60 yr old dad wont understand nfc netime if I throw my gs3 at him.
Sent from my SGH-T999 using xda app-developers app
I love NFC. I use my Google wallet wherever I can and using android beam is really cool.
Sent from my SGH-T999 using Tapatalk 2
thanks but no thanks. I dont need it and dont want it. If your that lazy that you cant carry a wallet , you deserve to have your financial and personal data stolen which can happen if you lose your phone. you dont even need to have your phone stole for your info to get stolen. It happens all the time eith nfc chips on credit cards.
kobe4rings said:
thanks but no thanks. I dont need it and dont want it. If your that lazy that you cant carry a wallet , you deserve to have your financial and personal data stolen which can happen if you lose your phone. you dont even need to have your phone stole for your info to get stolen. It happens all the time eith nfc chips on credit cards.
Click to expand...
Click to collapse
Well I pray to God that doesn't happen and thankful it hasn't. So far I am enjoying my NFC chip
Sent from my SGH-T999 using Tapatalk 2
kobe4rings said:
thanks but no thanks. I dont need it and dont want it. If your that lazy that you cant carry a wallet , you deserve to have your financial and personal data stolen which can happen if you lose your phone. you dont even need to have your phone stole for your info to get stolen. It happens all the time eith nfc chips on credit cards.
Click to expand...
Click to collapse
You could make an argument like that about anything. If you take vitamins for instance, I could say "If you're too lazy to eat the proper foods to get your vitamins, you deserve to die of malnutrition".
Back on topic, I don't ever use NFC but mainly because no one accepts it. Apple could have changed that, it'd have been a "magical" and "revolutionary" new technology.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
I don't have an S3 but I do know a little bit about the nfc card. As stated people who know what they are doing can steal your info from the chip. But the answer is aluminum. The chips cannot be read through it. Just like the "Aluma-Wallets" shown on tv, and the aluminum and tin mixture that is used prevents any connections to the chip. If someone could come out with an aluminum case for the S3 (there may already be one knowing this flaw) the chip would be safe. Or even a belt holster, that way you can still use the function of it but only when you want to.
Tweaked 3.0 and Transparent ICS 5.0 Beta
kobe4rings said:
thanks but no thanks. I dont need it and dont want it. If your that lazy that you cant carry a wallet , you deserve to have your financial and personal data stolen which can happen if you lose your phone. you dont even need to have your phone stole for your info to get stolen. It happens all the time eith nfc chips on credit cards.
Click to expand...
Click to collapse
Google Wallet ins't broadcasting your CC data over NFC all the time; you have to login to it and select the card you want to use. Then you swipe your phone by the reader and confirm the charge on the screen.
If my phone is lost/stolen, I have a PIN to login to the phone, another PIN to activate Google Wallet, and Cerebus running under root to allow me to remotely find it, take pictures of the person holding it, and wipe the phone's internal and SD memory; I don't have any kind of that security on my $10 wallet.
I would also much rather use NFC for purchases than to hand my credit card over to a restaurant server and let them go in the back and take pictures of the front & back of it with their cell phones.
And if you have a good enough bank it takes 5 minutes on the phone to put those funds right back where they belong if someone stole your credit card information from your phone like that. I stopped carrying cash 6 years ago. If this technology takes the only thing I'll need to carry is my phone with my driver's license wedged in the case.
Credit card data isn't stored on the phone. Purchases are authorized through a virtual Mastercard through Google and then Google processes that payment to your card. Your personal CC info is never transfered from the NFC on your phone.
Sent from my Galaxy Nexus using xda premium
kobe4rings said:
thanks but no thanks. I dont need it and dont want it. If your that lazy that you cant carry a wallet , you deserve to have your financial and personal data stolen which can happen if you lose your phone. you dont even need to have your phone stole for your info to get stolen. It happens all the time eith nfc chips on credit cards.
Click to expand...
Click to collapse
What if you loose your wallet? To use Google wallet you need a pin to log in, plus Google wallet it's not on all the time, you need to log in and choose which card to use, but if you loose your wallet, most places don't ask for I'd so they can use the crap out of your card before you realize you lost it.
Sent from my SGH-T999 using xda app-developers app
I Definitely Think nfc is still a burgeoning technology, that just hasnt hit its stride, but its picking up, and now is the right time to have it, as its adoption rate will build over the next two years... The general life expectancy or our phones.
The thing ng with apple is they dont take risks ... They are slow and safe to adopt, and usually only do it, after a technology and its usefulness have been proven. Theyre strength is their ability to take a proven technology and reinvent it in away that is simplified and easy to use for the masses. So they wont take a risks on nfc yet... But they are slowly building the services to rely on it, once they do deploy. And deployment will only be after devices like ours have proven its usefulness.
That said, i myself am weary of using it for cc purposes... But i love it for other purposes such as data transfer, i.e. Android beam, S-beam, etc... Ive found them very useful and have used my nfc chip ti share data from my device to others with ease, more often than i expected. Also i believe with nfc, itll make wireless charging our devices possible, and im waiting to try that as well... So even w/o the cc stuff.. Nfc is proving itself to me everyday... Its just up to the user to determine the best use of it, for themselves.
Sent from my SGH-T999 using xda app-developers app
Much like every other new technology... why spend (and waste) money implementing it when it'd be nothing more than a novelty with no practical use. It's the reason they just now added LTE to the iPhone; until now no company has had a respectable LTE network. Apple doesn't need to gamble.
Back to the topic though, NFC is useless right now. It's nothing more than a novelty that you need to go out of your way to use on a daily basis. I absolutely love the idea of never having to carry a wallet again and would definitely adopt NFC into my day to day life... once the technology is mainstream.
Apple tries to dictate what people need...
Also i believe with nfc, itll make wireless charging our devices possible, and im waiting to try that as well...
Click to expand...
Click to collapse
Third party charging pads may already be available, they come with a new back cover to make it work.
What bothers me about this post is the fact that one piece of technology is being judged over an entire list of more important key advancements that clearly makes a huge difference between the two devices. I'm not trying to sway anyones thoughts and im not going to point out the obvious but to isolate one feature and try to get people to ground the future development if it is underhanded.
In a year from now if NFC takes off and is supported everywhere Apple will change their tune and add it themselves with a better encryption feature of some sort and claim that NFC is only better due to Apple supporting it. Either way it comes down to what company finds it more relevant and who puts a better twist to the advertisement, what most people don't read is the fact its not new technology at all and agencies have been using it for years.
I don't know but its all drama no matter how its brought up it all depends if you the user can use it and if it makes your life easier, just the fact that you can put your medical info on it and hospitals can scan it in the event you can't speak for yourself at the ER makes a huge difference in my book.
Sent from my SGH-T999 using xda premium

[Q] Import NFC tag

My bus ticket is using NFC technology. I tried to import data from card to NFC tag, than stick that tag to back of my phone, so I don't have to carry that card always with me, just the phone.
But problem is that I can't import data because NFC bus ticked is protected by serial key. Any way to crack that key?
Thank you
hrvoje334 said:
My bus ticket is using NFC technology. I tried to import data from card to NFC tag, than stick that tag to back of my phone, so I don't have to carry that card always with me, just the phone.
But problem is that I can't import data because NFC bus ticked is protected by serial key. Any way to crack that key?
Thank you
Click to expand...
Click to collapse
Someone has asked this question before. Not sure if it was you but I'll return to same answer someone else gave to the same question. The protection is installed to stop people replicating it and creating their own 'amended' data. Probably with new dates of validity.
What you are requesting is
a) Illegal
b) Against XDA rules.
I think I can say this with confidence. This site won't give you the answer.
grentuu said:
Someone has asked this question before. Not sure if it was you but I'll return to same answer someone else gave to the same question. The protection is installed to stop people replicating it and creating their own 'amended' data. Probably with new dates of validity.
What you are requesting is
a) Illegal
b) Against XDA rules.
I think I can say this with confidence. This site won't give you the answer.
Click to expand...
Click to collapse
Well, thank you for your answer. Seems illegal but I just wanted to 'upgrade' the technology which bus company is using. They probably won't do it since 2020...
Bah humbug. There's nothing illegal about taking a bus pass which you own and making something else produce the same NFC signal. That's like saying that I can scan my frequent buyers cards into an app and then use them all on my phone.
The key is probably easily cracked, but I know of no available way to crack it, short of writing your own script to brute-force it.
danguyf said:
Bah humbug. There's nothing illegal about taking a bus pass which you own and making something else produce the same NFC signal. That's like saying that I can scan my frequent buyers cards into an app and then use them all on my phone.
The key is probably easily cracked, but I know of no available way to crack it, short of writing your own script to brute-force it.
Click to expand...
Click to collapse
The key is in the language used.
Quote - "But problem is that I can't import data because NFC bus ticked is protected by serial key. Any way to crack that key?"
You're right, there is nothing illegal with your scanning frequent buyers cards. I hadn't realised they had protection on. (I never use them anyway so wouldn't know)
The owners of the software/data have put a serial key on it. To protect against it being hacked. It isn't open source. You only purchase to use said ticket for one day/week/month, however long you bought the ticket for. Once it's hacked what next? (We both know the possibilities that exist once it's hacked)
I have a suggestion, why waste time using brute force? If it isn't illegal why not phone the travel company who issued the ticket and ask them for the key.
Surely if it isn't illegal they will only be too happy to supply.
Problem solved.
grentuu said:
The key is in the language used.
Quote - "But problem is that I can't import data because NFC bus ticked is protected by serial key. Any way to crack that key?"
You're right, there is nothing illegal with your scanning frequent buyers cards. I hadn't realised they had protection on. (I never use them anyway so wouldn't know)
The owners of the software/data have put a serial key on it. To protect against it being hacked. It isn't open source. You only purchase to use said ticket for one day/week/month, however long you bought the ticket for. Once it's hacked what next? (We both know the possibilities that exist once it's hacked)
I have a suggestion, why waste time using brute force? If it isn't illegal why not phone the travel company who issued the ticket and ask them for the key.
Surely if it isn't illegal they will only be too happy to supply.
Problem solved.
Click to expand...
Click to collapse
If you knew something about that travel company, you would also try to do everything on your own, believe me. I bet that 90% of them don't know what NFC is, especially Mifare and protection key etc. It would be hard to contact a person in that company who know what am I talking about, probably impossible.
hrvoje334 said:
If you knew something about that travel company, you would also try to do everything on your own, believe me. I bet that 90% of them don't know what NFC is, especially Mifare and protection key etc. It would be hard to contact a person in that company who know what am I talking about, probably impossible.
Click to expand...
Click to collapse
This is the same company who own said software and wanted it encrypting?
I'm going to leave it here.
However, I want to leave you with a thought.
Five years from now you have developed an incredible app for android that expectations say will make you a millionaire.
Yet a month later you only have a 1,000 downloads at a dollar apiece. A thousand bucks! WTF!
This took you two years to assemble and market.
Then you think back and remember this post and wonder. So you search online for "insert your app name here" and the word crack and key.
Lol - thousands of entries, after all your app is popular.
thing is... no one wants to pay for it.
but the thing is... they only wanted to try it before they paid....
But no ones paying.
I'm outta here.
Companies try to lock down all kinds of things unnecessarily. It doesn't mean that you have to respect their misguided wishes.
He's not trying to steal from the bus company, he just wants to increase his convenience. There is nothing malicious about that.
There's no reason to be a negative Nelly and try to stifle his urge to innovate. There are enough entrenched market leaders trying to protect their little artificial fiefdoms without you sucking up and trying to do their work for them.
---------- Post added at 09:58 PM ---------- Previous post was at 09:55 PM ----------
hrvoje334 said:
My bus ticket is using NFC technology. I tried to import data from card to NFC tag, than stick that tag to back of my phone, so I don't have to carry that card always with me, just the phone.
But problem is that I can't import data because NFC bus ticked is protected by serial key. Any way to crack that key?
Click to expand...
Click to collapse
Starting at the beginning: What have you already tried? Do you know what kind of NFC card it is? Have you used a reader or Android apps?
Exactly,I don't want to steal anything. I've paid for a season ticket and I was just wondering if I could make it more practical, since the company doesn't offer you that option.

Categories

Resources