S&P 2024
NFCEraser: A Security Threat of NFC Message Modification Caused by Quartz Crystal Oscillator
Jianshuo Liu, Hong Li, Mengjie Sun, Haining Wang, Hui Wen, Zhi Li, Limin Sun
3 citations
Abstract
Near Field Communication (NFC) has been widely used for rapid data exchange between electronic devices over a very short distance. In this paper, we reveal a new security vulnerability in NFC passive communication channels where transferred data can be modified in real time. The security threat of data modification posed by this vulnerability is called NFCEraser. Exploiting electromagnetic interference (EMI), NFCEraser injects signals into the crystal oscillator’s electrode and adjusts the amplitude of carrier signals in NFC communication channels. By manipulating the parameters of the EMI signals, NFCEraser is able to arbitrarily flip bits in the data payload sent from an NFC peer device, which may have serious security consequences. To assess the severity of NFCEraser, we examine six NFC modules under NFC-A/B communication modes and successfully perform reading operations under a variety of data lengths. The experimental results show that NFCEraser can modify data bits in response frames from NFC peer devices with a maximum accuracy of 89% and a latency of around 0.21 μs. Our analysis further shows that NFCEraser can maintain an attack success rate of no less than 85% in environments with typical levels of electromagnetic noise.