Denial-of-service attack possibilities on NFC technology

Abstract

The usage of near field communication (NFC)-enabled mobile phone devices increased in several sectors such as identification, connected home, payment, and business. Moreover, the implementation of NFC in many field which is closely related to personal data of consumers or users. Therefore, security issues in NFC-enabled mobile phone devices has become one of challenging for utilizing this technology in consumer privacy concerns. In this research, the author analyze and conducted security testing on NFC-enabled mobile phones based on reader/writer operating mode in peer-to-peer fashion manner to find a few vulnerabilities. The author use Denial-of-Service attack methods for the attacking NFC-enabled mobile phones through NDEF messages by two semantic levels of Distributed Denial-of-Service attack techniques, first is Attacking an application technique used to make a NFC-enabled mobile phones browser could not handle when the opening a single URL which contain infinite loop, for a moment the browser opened one hundred page more and appear dialog box “browser isn't responding”. Second is exploiting vulnerability in NFC-enabled mobile phones, the author develop a simple app.apk which set appname 500000+ chars in strings.xml file. This app give some serious impact the NFC-enabled mobile phones, where the smartphones for a few moment could not respond any interaction from user and after several times the smartphone can respond slowly some interactions from the user, crash and rebooting automatically. The proof of concepts have been conducted on three NFC-enabled mobile phones.