General NFC security

SanyaIV

@johnyma22 And at the same time one browser exploit is all it could take.

But disregarding URLs, several other things auto-launch as well when scanning an NFC tag (with relevant records on it) The likelihood of one of these having some sort of vulnerability that has yet to be found is relatively probable (formation of that sentence doesn't meet exactly what I say but I can't figure out how to say it better, tired)

Either way I don't like the auto-launch nature of how NFC seems to work on my phone and I see it as a security issue but would still like to use NFC (having to verify to do whatever the tags says to do) So for example when reading a tag with a URL then it would show a pop-up that says something like "Tag wants to open [URL]" with a button "Open" and "Close" etc.. Is that possible or no?

Sure there may be simpler attack vectors but just because there are simpler attack vectors doesn't mean one should leave a possible attack vector ignored and open for abuse. I mean, it doesn't even have to be malware, could simply be malicious websites that someone wants to spread, opens a phishing site for a bank, general propaganda spreading for X or Y cause, spreading disturbing content, having a ring on your finger and "accidentally" bumping into someones phone causing it to open a site showing discriminating content etc.. you know.. And that's just looking at what you can do with URLs, there's probably other things you can do as well. My point is that auto-launch is not a good thing to force, the user should be able to choose whether to open things automatically or having to verify first. I mean, I can see the benefits of automatic launching for.. well.. automation, but at the same time I can see disadvantages with it. Of course one could just disable NFC, but i'd still like to use it.

jasok2

@SanyaIV said:

Either way I don't like the auto-launch nature of how NFC seems to work on my phone

@SanyaIV have you considered a windows phone ? last I had one, every time a NFC action happened, it caused an annoying user prompt which the user had to manually approve before anything happened.

To me this was annoying, however it sounds exactly what your after.

cheers

SanyaIV

@jasok2 I have considered it, didn't know about how NFC works on it though, but Windows phone doesn't have all the things I need, for example from what I gather the Pebble support for it is non-existent or poor. And besides that it lets me do less things etc, just not a phone OS I'd like to use in its current state.

jasok2

@SanyaIV said:

@jasok2 I have considered it, didn't know about how NFC works on it though, but Windows phone doesn't have all the things I need, for example from what I gather the Pebble support for it is non-existent or poor. And besides that it lets me do less things etc, just not a phone OS I'd like to use in its current state.

yeah, I get that. I ditched it too. I do wonder what windows 10 phone will be like, but I really need the sonos app :( sigh.

SanyaIV

I'll borrow my own thread to ask another question: Is it okay to place the Asus NFC Express device on top of my Desktop case or will it cause any interference of any sorts?

Lokki

It should be ok but YMMV. Give it a try and see how it goes.

SanyaIV

@Lokki Tried it, works relatively fine but the angle gets a little weird for me, but still looks way nicer.

Lokki

I've always figured that if I set one up for my desktop I'll use a router to make a recessed hole in the desk top to hold the reader.
Or make my own with PN532+Arduino and recess into the bottom side of the desk top and read through the remaining wood.

SanyaIV

So now after trying with the NFC Express on top of the desktop for a while I can say that it was impractical for me, I'm not sure if it was interference or just the angle but it would take longer and more re-positions to get the Asus tag to read when I had the NFC Express on top of the Desktop case. I've since changed it to sit upside down on the underside of the table (Using folded duct tape..) over the desktop, this has given me a much more comfortable angle and it reads much better now (faster and rarely need to re-position)

Again, not sure if interference or angle but I'm starting to think it was a bit of both.

Edit: Actually, perhaps I'm using the word "Desktop" incorrectly, I use it to refer to my stationary computer that resides under my table.

Lokki

Yeah, possibly - my desktop computer, routing a mounting point in the wooden desk top.
;-)

SanyaIV

Hmm.. Folded duct tape didn't work very well, started to come loose after a while, decided to get double-sided tape instead which seems to work just fine.

Lokki

Speaking from experience it's best to use a wax and grease remover on things you're sticking double-sided tape to. Do that and it'll never fall off.