Hacker News new | comments | show | ask | jobs | submit login

You can't clone it as many do challenge response but you can relay it - check out NFCgate for example.

This would allow you to say, hold one device to the reader and one against someone's pocket to open a door.

Or to share an NFC transit pass between multiple people over the internet.

Search for "distance bound protocol" if you want to read about current crypto research to prevent relaying.

There are some interesting attempts at these protocols but most of them rely on multiple powered devices, not induction powered smartcards which inherently adds delay and not necessarily predictable delay.

No one has a proven system for doing this in today's smartcards to my knowledge. Though there is some research which promises this may be possible in the future.

Even those proximity car locks do a horrible job of distance bounding - many of them do it off RF level which means an attacker merely needs an amplifier to steal your car - and that offers an almost optimal situation for the application. So I think we'll probably see it there before smart cards. Maybe the timers necessary make this cost prohibitive though. I'm not in a position to say one way or the other.

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact