EnGarde: Protecting the mobile phone from malicious NFC interactions

Published by Microsoft Research

Near Field Communication (NFC) on mobile phones presents new opportunities and threats. While NFC is radically changing how we pay for merchandise, it opens a Pandora’s box of ways in which it may be misused by unscrupulous individuals. These include malicious NFC tags that seek to compromise a mobile phone, malicious readers that try to generate fake mobile payment transactions or steal valuable financial information, and others. In this work, we look at how to protect mobile phones from these threats while not being vulnerable to them. We design a small form-factor “patch”, EnGarde, that can be stuck on the back of a phone to provide the capability to jam malicious interactions. EnGarde is entirely passive and harvests power through the same NFC source that it guards, which makes our hardware design minimalist and facilitates eventual integration with a phone. We tackle key technical challenges in this design, including operating across a range of NFC protocols, jamming at extremely low power, harvesting sufficient power for perpetual operation while having minimal impact on the phone’s battery, designing an intelligent jammer that blocks only when specific blacklisted behavior is detected, and, importantly, doing all this without compromising user experience when the phone interacts with a legitimate external NFC device.