Near Field Communication growth received a shot in the arm when Google last fall introduced Host Card Emulation (HCE) in its latest mobile operating system. In doing so, it made NFC possible without the need for a secure element. Though HCE offers cost and time-to-market benefits, a new UL (Underwriters Laboratories) white paper points to increased risk as well.
Visa’s and MasterCard’s recently announced support for Host Card Emulation solicited excitement among supporters of Near Field Communication, whose introduction has been hampered because of discussions among the chief key players thought necessary to support the contactless-payment technology – namely banks, telcos and handset makers.
But that changed in October last year, when Google introduced KitKat 4.4, the latest version of its mobile operating system. Included in KitKat now are HCE-based NFC payments capabilities, which eliminate the need for a secure element (smart chip) to support the contactless functionality. As such, handset makers and telcos are no longer strictly necessary to launch an NFC-based service over NFC-enabled phones.
NFC is a short-range wireless technology that can communicate two ways between NFC chips. NFC has three operation modes: Reader/Writer Mode for reading/writing data from/to a tag, Peer-to-Peer Mode for communication between two devices and Card Emulation Mode for emulating a smartcard. The first two modes (Reader/Writer and Peer-to-Peer) are routed to the host central processing unit, while Card Emulation Mode is routed to a secure element.
An HCE fix
Android KitKat’s HCE changes this by allowing commands in Card Emulation Mode to be routed to an HCE service on the host central processing unit.
HCE adds great value for service providers in that it enables them to support NFC at an acceptable reduced level of security in exchange for improved time to market, development costs and the need for broad cooperation. However, as a new white paper from UL points out, service providers also must be made fully aware of the risks involved with the lack of hardware-based security, namely a secure element in the device.
In the report, authors Thom Janssen, managing consultant with UL Transaction Security, and Technical Consultant with UL Mark Zandstra, wrote that Android KitKat supplies the new communication channel from the contactless card reader to the host central processing unit, which enables HCE. In HCE, communication always passes through the Android OS. This provides basic security measures. These basic security features, however, are lost when a handset is rooted, which is the process of allowing users of handsets, tablets, and other devices to attain privileged control, they wrote.
Rooting risk cause
Janssen and Zandstra identified three key ways in which HCE introduces risks not present with a secure element. In rooted devices, the user can access all information stored in applications, including sensitive information such as payment credentials. “Typically, in payment and transit applications the SP wants to prevent such user access, for instance because it implies malware could also access this data”, they wrote. Such risks are worse in case of a lost or stolen device, which can be rooted by malicious users to obtain access to sensitive data.
For previous Android versions, exploits have also emerged that root the phone from a malware application. “While these exploits had a limited reach (the malware was not available from official download channels), it is a potential risk that has to be considered.”
Various techniques are available to mitigate HCE-related security risks. To learn what those are, read the full white paper Click Here.
UL and the UL logo are trademarks of UL LLC © 2014