The woman, was surprised by noticing that the data was displayed directly on the display of her device, the data sent to the smartphone included the card number stored in close range and the account’s last 10 transactions with related amounts and locations.
“Feng, who said she had not accessed her bank account on her phone or entered her password, initially thought it may have been the work of spyware, though she soon realized it was an automatic function because her bank card could still be read even after she closed all running applications.” states theWChina Times.
“Near field communication (NFC) is a set of standards for Smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity. The standard describes a radio technology that allows two devices to communicate at a short distance, no more than a few centimeters, allowing the exchange of information quickly and safely.” I reported in a previous post in NFC standards.
The disconcerting discovery made by the experts in charge of the Yangtse Evening News newspaper is that the Feng’s phone could retrieve details from a microchip bank card automatically in two seconds from within a range of about 10 centimeters.
Now when an attacker pass very close to your wallet in a crowded place, he can steal personal information from bank cards without the victim’s knowledge.
Feng declared to be shocked by the behavior of the Xiaomi smartphone and she believed the company should have warned its customers of this potentially serious security flaw that could expose them to the theft of personal information from bank cards.
“She said when she called customer support she was told that she could simply switch off the NFC function if she had concerns.”
This is really worrying, let’s hope Xiaomi and other manufacturers will consider seriously the NFC security issues.
