Kaspersky warns of increasing threats from tampered NFC tags

Cybersecurity firm Kaspersky has released new research detailing the increasing threat posed by maliciously tampered Near Field Communication (NFC) tags to electronic device users.

NFC technology, widely used for activities such as contactless payments, public transport access, and marketing, is being manipulated by cybercriminals to conduct unauthorised actions, including phishing and malware attacks. The ease of use of this technology, which relies on a simple tap of a smartphone, now presents potential security vulnerabilities.

Marc Rivero, Lead Security Researcher at Kaspersky, emphasised the dual nature of NFC technology, stating, "NFC technology is incredibly convenient, but it's also a vector for malicious activity if users aren't cautious. Innocent-looking tags in public spaces can be reprogrammed or replaced to carry out harmful actions. As the adoption of NFC continues to grow in areas like payments, public transport, and marketing, we anticipate that malicious actors will become increasingly sophisticated in their tactics. In the next few years, NFC-related attacks could potentially target thousands of users globally, particularly in urban areas where NFC usage is widespread. Awareness and proactive measures are key to mitigating these risks."

The process of NFC tag tampering involves either reprogramming existing tags or physically replacing them with harmful variants. Unlocked NFC tags pose a risk as they can be altered to redirect users to phishing sites, trigger unintended device actions, or deliver harmful software. Physical replacement is also a method employed by criminals, where manipulated tags are substituted in high-traffic public areas, such as transportation hubs and cafes, potentially leading to severe consequences for unsuspecting users.

The repercussions of interacting with a malicious NFC tag can be substantial. One major threat includes phishing attacks, where users may be unknowingly directed to counterfeit websites aiming to extract personal data and login details. Additionally, vulnerabilities in a smartphone's NFC reader can be exploited, leading to the execution of damaging code, compromising device security. There is also the risk of downloading malware through tampered NFC tags, which could result in data theft, activity monitoring, or device impairment.

Kaspersky advises smartphone users to take specific precautions to avoid NFC tag tampering risks: inspect NFC tags for any signs of tampering, avoid scanning tags in untrusted locations, verify any URL or action triggered by a tag before proceeding and disable automatic actions by configuring smartphones to require confirmation for NFC-related commands. Users are also encouraged to install reliable security solutions on their devices and keep their smartphone software up to date to safeguard against known vulnerabilities.

For businesses employing NFC technology, Kaspersky suggests using locked or "read-only" NFC tags to prevent unauthorised modifications. Organisations are also advised to regularly inspect publicly accessible tags for alterations and educate both customers and employees about prudent NFC practices to fortify their security measures.