Keeping NFCs Secure

With short-range communications ubiquitous today, it is imperative that they be secure.


Short-range communications, including near-field and semi-near-field communications such as Bluetooth, AirDrop, and Zigbee, have become as much a part of our daily lives as our mobile devices. Through some incredible engineering and standards efforts, they have achieved low-power communication over short distances with remarkable accuracy and consistency. But as even more devices begin tapping into these communications standards, it will become imperative that the data exchanged is secure and will only be communicated to the intended recipient.

One short-range communications protocol that has seen explosive growth thanks to its adoption by the iPhone 4 in 2012 is Bluetooth Low Energy (BLE), observed Emerson Hsiao, senior vice president of North America Operations at Andes Technology. “No sooner had the wireless protocol become commercial in the iPhone than it became adopted by a number of other applications, including health care monitors, sports activity monitors, tire pressure sensors, and many more.”

However, he noted that as soon as the BLE specification was published, hackers began interrupting the communications between legitimate master and slave. In fact, a YouTube video, “Hacking Bluetooth Low Energy: I Am Jack’s Heart Monitor,” describes how this was accomplished.

The technique used to hijack BLE is to sniff the transmission between the legitimate transmitter and receiver, then replace the legitimate transmitter with the hacker’s transmitter. Once the hacker learns how to talk with the sensor, the sensor’s embedded processor can be forced into an unknown state by overflowing the device, thus disabling it, Hsiao explained.

To combat this, many different approaches are being taken: some software, some hardware, and likely the most effective will be a combination of the two. Companies like Andes Technology offer secure embedded cores that include a number of security features. One of them, called StackSafe, forces the embedded processor to always execute the recovery code when it experiences a fault such as one forced by a hacker.

And some secure CPUs, like one from Andes, also provide a secure interrupt feature. In this case, when a secure routine detects an interrupt, it automatically saves the machine state and clears the CPU registers. If the interrupt routine is malicious, it cannot observe the machine state because all registers have been cleared.

In another example, ARM has been working on security for quite a while. It has not only its TrustZone technology but, more recently, has added security in cores and architectures for more of a soup-to-nuts approach.

This is a fast-evolving market with new entrants and new approaches, which makes it an extremely interesting one to try to keep up with. Please chime in with your thoughts below.
