Thursday, November 11, 2010

Near Field Communication on the iPhone: Is It Really Such A Good Idea?

Recently the Cult of Mac (and other Apple rumor sites) have mentioned the recent patents made by Apple to include Near Field Communication (NFC) in the next iPhone for security and remote computing options for coming Macintosh computers.  On the surface, this sounds like a great idea.  All you have to do is have your iPhone near your computer, or any Macintosh for that matter, and you would instantly be able to log into your computer with all your preferences and settings available.  Who wouldn't want to avoid having to log into their computer constantly?


But there is a problem:  security.  Near Field Communication uses a high-frequency RFID token, which is easily picked up by various devices.  This is called eavesdropping, and makes NFC an insecure method of transmitting personal information, such as login tokens.  The only way to guarantee security would be to utilize an authentication method like Kerberos, where keys are generated and expire after short periods of time, and you have a token that can decrypt the information.  This means an extensive Directory system running in the background. 


Of course, Apple is building a huge data center.  And it's possible to add the layer into the Apple ID system, which would guarantee anyone with an iTunes account would have access.  This may be why Apple is working so hard in the background, and why we haven't heard anything like this before. 


But other suppositions to the NFC technology has been remote banking and payment using RFID.  There are some credit and debit cards that have this capability, but due to the relative ease of eavesdropping, I do not own one nor intend to own one.  They are not very secure, and I would prefer that information not be available.


Other applications would be remote access to physical space.  When I worked for eBay, we used an RFID card to access the building.  I've also thought of using the same technology for access to my house.  Having an RFID transmitter in my iPhone, which I am never without, would be convenient.  But there is still that issue with eavesdropping.


So where does this leave us?  I don't think it's impossible for Apple to make this plunge, or to do it well.  But I do think that Apple has a lot of security concerns to overcome before this can be a reality.  And if I do end up with an iPhone in the distant future that has NFC capabilities, I would definitely not use it for remote payment from a bank account.


No comments: