You might have seen a TV show or movie where a hacker grabbed someone's credit card information or cloned an RFID identity badge just by standing next to them. Unlike many Hollywood hacker techniques, this one is sadly real thanks to new technology.
Most new smartphones include a featured called Near Field Communication, which is based on radio frequency identification technology. This is a radio system that only works out to about 8 inches or so. It's great for transferring information to other gadgets, such as another smartphone or payment system, at close range.
At the same time NFC is appearing in every smartphone, an increasing number of credit cards are contactless. That means they contain an RFID chip that lets you make payments by touching the card to a payment system or just putting it near the payment system.
When you combine a smartphone with NFC and credit cards with RFID chips, you have a problem. A hacker could stand next to you and pull your credit card information.
However, the odds of a hacker with a smartphone standing next to you or walking past you while you're carrying a contactless credit card are slim. That's why security researchers are worried about a much trickier type of attack. Ricardo J. Rodriguez and Jose Vila demonstrated such an attack at a recent Hack In The Box Security Conference.
The idea is that a hacker slips a malicious app on to your Android smartphone (Apple smartphones are mostly immune to malicious apps). It then uses YOUR phone's NFC to read your credit card, and send the information to the hacker's phone, which is in range of a legitimate payment terminal. Your credit card will think it's next to a payment system, and the hackers can make charges to it.
Now, there is a limit on how much you can spend using NFC before a PIN is required. So, hackers won't get a lot of money from any one card. However, if millions of people have contactless credit cards, and millions of people have Android smartphones with NFC, the potential rewards are huge.
Fortunately, this attack is fairly easy to beat. Simply slip your credit cards into an RFID-proof wallet or purse, like the models I sell in my store. That will prevent anything outside the wallet from connecting with your card.
You should also make sure you don't install any malicious app on your phone. Click here to learn how to secure your phone against malicious apps and other threats.