Researchers have demonstrated that the near-field communication (NFC) protocol can be used to exfiltrate small amounts of data, such as passwords and encryption keys, over relatively long distances.
NFC enables two devices to communicate over distances of up to 10 cm (4 in). The system, present in most modern smartphones, is often used for making payments, sharing files, and authentication.
Pedro Umbelino, senior researcher at application security firm Checkmarx has demonstrated that NFC can actually work over much longer distances and it can be highly efficient for stealthily exfiltrating data from air-gapped devices that have other communication systems – such as Wi-Fi, Bluetooth and GSM – disabled.
The attack, dubbed NFCdrip, involves changing NFC operating modes to modulate data. In the case of Android, changing NFC operating modes does not require any special permissions, making the attack even easier to launch.