Blogs

iPhones don't identify unique NFC tags

Apple may want to verify tag originality in iOS before enabling tag discovery or other NFC features

Since reading a tag’s unique identifier (UID) or other hardware characteristics of NFC tags cannot be done with the beta release of CoreNFC, all anti-cloning measures at the developer’s disposal are precluded. The concept of tag originality and reading a UID are related since both naive and advanced anti-cloning measures involve using it in some way. The decision to not allow developers to access the UID is discussed in this article.

iPhones won't yet automatically discover tags

By withholding certain NFC features, both Apple and iPhone users could reap rewards

Apple will be playing a far more prominent role in determining how its customers use NFC than Google, which takes a far more open approach. There are two areas of NFC integration that Apple is choosing, so far, not to leave in the hands of app developers. The first is tag discovery and the second is anti-cloning measures used to validate that a tag is not a clone. This first article will discuss tag discovery; the next will focus on anti-cloning measures Apple may want to implement within iOS.

Using NFC to make a visual phonebook

Improving smartphone accessibility with NFC

So you’ve finally bitten the bullet, you had to get Grandma and Grandpa smartphones, and it’s really not going well. The contacts app is confusing, they don’t like using a touchscreen, and they keep accidentally calling the wrong person or opening Angry Birds when they’re trying to make a phone call. Let’s face it, smartphones are really designed to be “smart” first and phones second, which is troublesome when you grew up with phones that were just phones, and all you want your “phone” to do is make phone calls!

The Forgotten NTAG215

A less common, but quite useful tag

Recently, there has been an uptick of interest in the NTAG215 chip due to its use in products such as Nintendo’s Amiibo figurines. The NTAG215 is a fairly uncommon tag from consumer retailers, but here at TapTrack, we’ve worked with it quite a bit in our business-to-business solutions, and have sold it as part of our tag evaluation kits for quite a while. While the rest of this post will simply describe the NTAG215 and why it’s less common than other tags, if you’re on this page simply because you’re interested in purchasing NTAG215s, please click the link below to order some:

NTAG215 Adhesive Stickers (Quantity 5) $5

What is an NTAG

NTAGs are a line of Type 2 NFC tags produced by NXP Semiconductors designed explicitly to be used for storing NDEF messages.

NFC business card tag choices

What tags should you choose for your NFC business card

So you’ve decided to add NFC to your next batch of business cards and start designing them. You’ve picked the perfect subtle off-white colouring, the most tasteful thickness, an elegant font, but suddenly you’re faced with a choice of tag technology. NTAG? Ultralight? DESFire? Classic? Topaz? What do you choose? Why? If you’ve read our Tag 101 article, you probably already have some idea what tag you want, but, even if you haven’t, we’ll explain everything here.

You can't copy your NFC payment card

Thinking of copying your credit or transit card to another tag? Fortunately, you probably can't.

In the NFC space, it is quite common to hear consumers asking if it is possible for them to copy their credit card or bus pass onto another NFC card. Fortunately, for security reasons, you generally cannot do this. Most commonly available NFC tags aren’t very complicated devices. Effectively, they are small chunks of read-write memory with a radio interface tacked on. However, as we mentioned in our post on cloning hotel cards, there are also advanced cards available with the ability to perform cryptographic authentication and enciphered communication.

Presto's 24 hour delay: the theory

Cashless payments and the tyranny of CAP Theorem

It’s 2016, why does Presto still take 24 hours to update my balance? For those not in Ontario, Presto is our province-wide transit farecard system, which supports online topups, but with the caveat of requiring 24 hours for your balance to be updated. For those in Ontario, you’re probably already aware of this limitation, and there’s a good chance that you’ve heard some variation of the above quote. Indeed, it is 2016, so why does it take 24 hours for an online topup?

Even easier NFC on Node with the TappyWrapper

Using the TappyWrapper convenience library to accelerate NFC application development

Previously, we showed how you can easily start developing NFC applications on NodeJS with a Tappy device using the TappyTcmpJs library. While that project was very short, much of the code we had to write was boilerplate for composing commands and making sense of the Tappy’s responses. This is necessary in order to take advantage of the full power of the Tappy family of NFC readers with all of their advanced commands and any custom commands we may develop for your use, but in a lot of applications, you only really need to detect tag UIDs as well as read and write NDEF messages.

NFC Relay Attacks

How big of a security issue are they really?

In any secure application design, there are lots of things that must be considered. For lots of NFC-based applications, one of these concerns is vulnerability to a type of man-in-the-middle attack called a relay attack. In this post, we’ll look at what a relay attack is, why they’re dangerous even with encrypted communication, and how you can reduce the odds of one impacting your system.

What is a relay attack

In the common man-in-the-middle attack, the attacker inserts themselves in between two communicating parties.

Security is about trust, not acronyms

Effective security is often more about system design than algorithm selection

When planning the security of a system, all of us developers love to get into the nitty-gritty details of what NIST standards we’re implementing or the size of our keyspace. Unfortunately, this tendency can often result in missing the forest for the trees. By the same token, product managers can often make the dangerous mistake of believing that by using a high-difficulty, randomly salted Argon2 password hash and 4096-bit RSA, your application is automatically secure.