1. goombah's Avatar
    Hi All:

    I just started messing around with NFC with some tags I ordered and getting some good ideas on the forum for usage. And for background, I'm no developer- not even close.

    Here's a little anecdote of what happened to me today at lunch at the local Panera. As usual, I pulled out my phone (AT&T SGS3) and set it on the tabletop. I heard a faint "ding" which is the sound my NFC notification makes. At first I didn't know where it came from. A few reenactments later, I determined it was indeed coming from my phone. I started looking under the table, placing it in different locations on the top, etc. Something was communicating with my phone that I hadn't given permission. So I started searching online, and eventually downloaded NFC Taginfo from the Play store. I opened it, scanned the table, and up popped information on the tag installed. I googled codes on the tag (first block was labeled "lrs") and found out it was most likely the table tracking system used by the restaurant to deliver your food. Now I'm all good with that, but...

    The tag seemed to be rewritable. So here's my (obviously uneducated) concern. What is to stop someone from reprogramming such a tag (hidden or not) and enabling some kind of exploit? Easiest I could think of was to point your browser to some kind of site with malicious code written therein. Is this a possibility, or am I way off base? I mean, many of us place our phones on the table at some point, and tablets too. If NFC is enabled, can it be used against you? Or do they have some way of making those tags rewritable only by their hardware/software?

    Thanks everyone for all the help. This site has been amazing. Cheers!
    01-16-2013 05:41 PM
  2. Shadowriver's Avatar
    That depends on tag you using go see nfc talk from googe io 2011 (or 10 dont remember ; p) to learn all about it. As for having it enabled matter, NFC works only when device is awake.
    01-17-2013 12:10 AM
  3. alicechong7789's Avatar
    If the original owner of the NFC Tag didn't "Lock" the tags when they first wrote on them then pretty much anyone with an NFC phone can use NFC Apps to change the contents of the tag. Try downloading an NFC App like NXP Tag Writer and see if you can change the tag.

    "If NFC is enabled, can it be used against you?" Let's say the tag was encoded with a URL. Usually, when you tap on a tag, your phone may ask you whether you want to open up your browser and go to that link. Sometimes your phone will do it automatically, I think it just depends on the settings.
    And Yes, NFC works only when your phone is out of the lock screen. So if your phone is locked then nothing will happen to your phone.
    I have both Chrome and Internet on my HTC phone, and when I tap on a tag with a URL, I get a popup asking me whether I want to open the link with Chrome or with Internet and a checkbox if I want to allow the link to open automatically.
    01-17-2013 01:13 PM
  4. goombah's Avatar
    Thanks for the replies.

    I've been experimenting with the tags and NFC Task Launcher (for my wife's car, mine, nightstand, etc.), so I do understand that the device must be unlocked for them to work. Mine was awake because I'd been using it and set it down to eat. Therefore, the tag was recognized. Didn't want to mess with it, but now may have to go back and find out if I can.

    I programmed a tag with my phone and scanned it with my wife's. Not very scientific, but reddit opened right up- no permission requested. I'll have to see if there is something I can change. But that still won't stop others from being directed if someone programs a tag and leaves it for all to scan and their permissions are wide open. Might have to do a table experiment on others and point them somewhere and measure the hits.
    01-18-2013 12:07 AM

Similar Threads

  1. is there a rom in the making?
    By jmar4life in forum Virgin Mobile Optimus Slider
    Replies: 12
    Last Post: 11-14-2011, 07:37 PM
  2. Is there any point in getting the NS4G now?
    By Linkchomp in forum Sprint Nexus S 4G
    Replies: 45
    Last Post: 06-05-2011, 09:20 PM
  3. Is there a difference in ADB and the AutoRoot functions?
    By Ricom1 in forum Thunderbolt Rooting, ROMs, and Hacks
    Replies: 1
    Last Post: 05-08-2011, 10:58 AM
  4. Is there an App in Android Market to watch Live TV?
    By Crackiswack_Bold_is_cool in forum Android Apps
    Replies: 14
    Last Post: 04-12-2011, 12:09 AM
  5. Is there a flaw in my plan?
    By born2run in forum Verizon HTC Thunderbolt
    Replies: 6
    Last Post: 03-16-2011, 08:27 PM