I am investigating about the vulnerabilities that have the NFC technology, I found several attacks that can be made to this technology. Several articles focus on the attacks that can be made from the xNT to the reading devices. My interest is to know the vulnerabilities that the xNT chip can have. Cloning the UID of the implant is an option, which other possible attacks can be performed. Help me please
The vulnerabilities of an NTAG216 are pretty much the same as a standard book. Just like you need to be near a book to open the cover and read it’s pages, the only “attack” on the NTAG216 is getting close enough to the person (about 1cm) to read the tag.
1 Like
Do you think it is possible to increase this distance of the implant reading?
see my reply in the other thread.
ya la revice, that is, an eavesdropping attack on the implant can not be achieved since the reading distancea is maximum 1.5 cm.
see my reply in the other thread.
Which thread?
it is possible to perform a replay attack on the implant or not
xNT has no security so you can do anything you want, the book analogy is apt. Just read it and you have all the contents. There is no “replay attack” needed.
Otherwise the crypto1 and cryptEV1 on other chips (Classic and DesFire) have been broken, the rest of the chips are safe for now.
Sort of… basically if you set a non-factory password and set AUTH0 to say 00 or even 04 and then also set the PROT bit to 1 then your xNT tag will not let the memory be read without authentication… but it’s not what I would consider to be “secure”… this is because anyone could spoof your UID to the application reader, and the reader would send the password in the clear to the attacker. Then they could approach your tag and authenticate and read the content.
If you want real security in an implant, use a flexDF or xDF2 or explore what VivoKey has to offer.
3 Likes