The potential applications for near field communications (NFC) are numerous and appealing. But now that Apple has decided not to put NFC in the iPhone 5, the rest of the world might hesitate. If it doesn't, and NFC becomes popular anyway, Apple could have a problem.
Android and Windows Phone seem to be diving into the near-field communication (NFC) pool, but Apple said no for the iPhone 5. If Apple had signed on, it's a reasonable bet that some sort of retail presence for NFC would develop to take advantage of it, but now I'm not so sure. The lack of NFC in the iPhone 5 might retard deployment of NFC in the real world.
On the other hand, maybe the opposite is possible. Maybe NFC will be deployed--after all, Android is the volume leader--and Apple users will be the ones to miss out, and iPhones will end up behind the curve in this way. And it's not just retail.
My own personal sense is that NFC is basically a gimmick, but it does make some operations so easy that I can see people liking it. The choice is this: Currently you either have to have the point of sale scan a barcode on your mobile device or maybe do some app-based payment system. With NFC you'd be able to hold the device within a few centimeters of the point of sale or tap it against some designated point and a transaction would take place. You might or might not get some confirmation screen on your mobile; I hope you do because it's asking for big trouble for them not to confirm, but that's an implementation issue.
No question it's easier the NFC way, but for some reason Apple passed on it and now it will be a year before it can implement it. What do you think? Did Apple miss out, or did it take a pass on a lot of trouble?
Fundamentally, there's nothing less secure about NFC, just implementations of it. It's a wireless communication standard like many others implemented on phones, computers, tablets, and other devices, but (as shown in the chart below) it only works in very close proximity--just a few centimeters--and at a fairly low data rate.
Will everyone else run away from the security issues like Apple? The potential applications for NFC are numerous; the most trite example is paying for your coffee by tapping your phone against some designated point at checkout, but your NFC phone could also present a ticket at the turnstile of a concert or sporting event. Tapped against a copier or printer it could allow you to print a document from your phone, and there are already projects to provide information to phones at kiosks, such as this one from the Long Island Railroad.
As Miller showed at Black Hat, the security problems derived from two implementation characteristics: The features were turned on by default, and NFC actions could be invoked without confirmation by the user. Unfortunately, both probably are viewed as "features" because the whole point of NFC is to make complex things brain-dead-simple--even if you can't read you can learn to tap the phone.
From the point of view of security dweebs like Charlie and me, users should have to turn such features on deliberately, and when they do so, that would be a good point to give them some warnings about possible dangers. Actions when tapping the phone should not just happen; the user should be presented with an alert on the device presenting them with options: Do you want to receive information from this kiosk? Do you want to view the Web page at www.example.com/whatever? Do you want to pay this much to this vendor from this credit card?
This is a lesson Microsoft learned painfully for PCs in the period of roughly 2004-2009: default-deny is the secure strategy. Android isn't likely to get this right for a while; I'm curious to see Microsoft's NFC implementation in Windows Phone 8 and how it's handled.
I think people will want these applications and I'm willing to bet they'll start popping up in spite of there being no iPhone support. Apple better hope they don't get too popular.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.