الرئيس التنفيذي
أشرف الحادي

رئيس التحرير
فاطمة مهران

Smartphone users should be aware of the threats posed by malicious NFC tags

MOSCOW, RUSSIA - FEBRUARY 1, 2017: A view of the Kaspersky Lab headquarters. Kaspersky Lab is a Russian cybersecurity and anti-virus provider founded in 1997 by Eugene Kaspersky, its current CEO. Vyacherslav Prokofyev/TASS (Photo by Vyacheslav ProkofyevTASS via Getty Images)

The festive shopping season is just over. Whereas once cash was king, now more shoppers than ever use their mobile phone’s electronic wallet as a contactless payment system when buying items, replacing credit cards or electronic ticket smart cards.

Smartphones increasingly rely on Near Field Communication (NFC) technology for convenience and connectivity, but cybersecurity experts warn about a rising threat: NFC tag tampering. This tactic, often overlooked, can expose users to phishing attacks, malware, and data theft with a simple tap of their phone.

“NFC technology is incredibly convenient, but it’s also a vector for malicious activity if users aren’t cautious,” warns Marc Rivero, Lead Security Researcher at Kaspersky. “Innocent-looking tags in public spaces can be reprogrammed or replaced to carry out harmful actions. As the adoption of NFC continues to grow in areas like payments, public transport, and marketing, we anticipate that malicious actors will become increasingly sophisticated in their tactics. In the next few years, NFC-related attacks could potentially target thousands of users globally, particularly in urban areas where NFC usage is widespread. Awareness and proactive measures are key to mitigating these risks.”

How NFC tag tampering works

NFC tags are widely used in marketing campaigns, public transport systems, and smart home setups to enable quick, touch-free interactions. However, this same convenience makes them susceptible to tampering by malicious actors.

One method involves reprogramming legitimate NFC tags. These tags, when left unlocked, can be altered to redirect users to phishing sites, initiate unintended actions on their devices, or even deliver harmful software payloads. Another method is the physical replacement of original NFC tags. For example, attackers might swap out a genuine tag on a public poster or kiosk, in high-traffic areas like transportation hubs, cafes, or retail stores, with one that triggers harmful behaviors.

The dangers of malicious NFC tags

The consequences of interacting with a malicious NFC tag can be severe. Phishing attacks are among the most common outcomes, where users are redirected to fraudulent websites designed to steal personal information or login credentials. It’s possible that vulnerabilities in a smartphone’s NFC reader can be exploited to execute harmful code, compromising the device’s security. Malicious NFC tags can also prompt users to download apps or files containing malware, which may steal data, track activity, or damage the device. The seemingly small act of scanning a tampered NFC tag can thus lead to significant financial and privacy repercussions.

Protect yourself against NFC tag tampering

To stay safe, users are encouraged to adopt these simple but effective measures:

  1. Inspect NFC tags. Avoid scanning tags in untrusted or suspicious locations and look for signs of tampering.
  2. Verify actions. Always carefully explore the URL or action triggered by a tag before proceeding.
  3. Disable automatic actions. Configure your smartphone to require confirmation before executing NFC-related commands. Install a reliable security solution on the device to reduce the risks.
  4. Stay updated. Ensure your smartphone’s software is up to date to protect against known vulnerabilities.

Advice for businesses

Organizations using NFC technology should take proactive steps to secure their systems and protect their users:

  • Use locked or “read-only” NFC tags to prevent tampering.
  • Regularly inspect their tags in public spaces for alterations.
  • Educate customers and employees about safe NFC practices.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

 

 

 

Related Posts

Prominent Miami Participation in IPS 2025 in Dubai

AIM Congress 2025 Kicks Off in Abu Dhabi on Monday with 20,000 Participants

Kaspersky uncovers advanced Triada trojan preinstalled on counterfeit smartphones

Trump’s ‘Liberation Day’: What to Expect from the Upcoming US Tariff Plan Lale Akoner, Global Markets Analyst at eToro

EFG Foundation, Bank NXT Foundation, and Kaf Insurance Sign an Agreement with the Magdi Yacoub Heart Foundation to Support Training and Qualification of Nurses at the Aswan Heart Centre

Abdulaziz Al-Roomi Launches His Second Book HR Hustler: A Game-Changing Guide for the Future of HR Leadership

Al-Futtaim Real Estate Launches Ramadan Initiative: Supporting 10,600 Individuals Through Ramadan Boxes

Reinforcing Commitment to Customer Satisfaction: LG Egypt Launches Bright Service “Hygienic Maintenance

آخر الأخبار
إعادة فتح ميناء الغردقة البحرى وانتظام الحركة الملاحية بموانئ البحر الأحمر انطلاق فعاليات رالي الطائرات "Rally Siwa Sands 2025" بمشاركة عالمية لتعزيز الرياضات الجوية «الصحة العالمية»: الوضع الصحي في غزة كارثي والإمدادات الإنسانية محجوبة رئيس الاحتياطى الفيدرالى الأمريكى: سنبقى على سعر الفائدة حاليا البنك المركزي البرازيلي يعلن إطلاق ميزة تقسيط Pix في سبتمبر المقبل مجموعة موانئ أبوظبي تعين "مار للإنشاءات" و"دار الهندسة" لتصميم وتنفيذ مشروع تطوير "موانئ نواتوم – مح... Prominent Miami Participation in IPS 2025 in Dubai مشاركة بارزة لميامي الأمريكية في معرض IPS 2025 بدبي قمة AIM للاستثمار 2025 تنطلق في أبوظبي الإثنين المقبل ب 20,000 مشارك AIM Congress 2025 Kicks Off in Abu Dhabi on Monday with 20,000 Participants حالة الطقس غدا.. مائل للحرارة نهارا والعظمى بالقاهرة 27 «آي صاغة»: تراجع الذهب وسط اضطرابات الأسواق العالمية خبير عسكري: إسرائيل تدفع الفلسطينيين للموت أو الهجرة القسرية اكتشافات أثرية جديدة بمعبد الرامسيوم بالأقصر تكشف عن جانب كبير من أسراره رانيا محمود ياسين تطلب الدعاء لزوجة نضال الشافعي اتحاد الكونغ فو يحدد مواعيد بطولاته حتى شهر يونيو فريدة الشوباشي تندد بانتهاك إسرائيل للمقدسات وتؤكد دعم مصر الثابت للعرب والفلسطينيين المشاط تبحث مع المدير التنفيذي لمصر بالبنك الأفريقي للتنمية تطورات تنفيذ الاستراتيجية القُطرية “آي صاغة” تتحمل رسوم التحويل عبر “إنستاباي” وتقدم خصم 1% على مدفوعات الذهب جمعية الخبراء تطالب بتعليق ضريبة الملاهي قبل افتتاح المتحف المصري الكبير