New NFCdrip attack could be used to exfiltrate data from air-gapped systems
- The NFCdrip attack uses the On-Off Keying ASK modulation to adjust the data of NFC operating modes.
- A researcher demonstrated a successful attack over a distance of 2.5 meters.
New research has revealed that the near-field communication (NFC) protocol can be exploited to steal valuable data from communicating devices which are within a range of up to 10 cms. Dubbed NFCdrip attack, the technique could be leveraged to exfiltrate passwords and encryption keys.
Pedro Umbelino, a senior research at application security firm Checkmarx demonstrated the attack using several air-gapped systems. The researcher discovered that the attack is highly efficient on devices that have communication systems such as Wi-Fi, Bluetooth and GSM disabled.
The NFCdrip attack uses the simplest form of amplitude modulation method - the On-Off Keying (OOK) - to adjust the data of NFC operating modes. This provides attackers with easy access to malicious applications, which can eventually exfiltrate data via the NFC frequency.
“A malicious application can take advantage of this to exfiltrate data via the NFC frequency, at a distance much bigger than previously thought it possible, even with cheap, off-the-shelf components: a simple AM radio is enough to receive the signal,” Haidee LeClair, a spokesperson for Checkmarx, explained in a blog post.
The researcher demonstrated this by using a USB dongle. He was able to decode the data signal from a distance of 40 meters.
“Adding the USB dongle, we could reliably decode the signal at 40 meters, a 99,900% increase. Visually, that’s the difference between four pencil widths and an Olympic swimming pool,” the LeClair added.
The researcher highlighted that data could be successfully transmitted over a distance of 2.5 meters without any error. However, when the transfer of data was maintained at a distance of 10 meters, Umbelino experienced some errors, although they were later corrected.
The number of errors increased with the increase in distance. This also resulted in signals fading. LeClair said that the data transmission range could be extended by using either an AM antenna or a software defined radio (SDR) dongle, Securityweek reported.
While experts consider that NFCdrip attack to work only at very short ranges, security experts see it as a potential threat for data exfiltration.
“They must be taken more seriously when it comes to threat analyses and policies to prevent data exfiltration. Imagination knows no boundaries, and hackers with time, energy and interest will find ways to exfiltrate data from any device that’s turned on,” said LeClair.