Comment by datameta
2 years ago
I think both our views are valid within their contexts, with the key difference being the distinction between NFC's base capabilities and the security measures actually implemented in NFC applications (where often upper layer protocols like in credit cards, are doing the heavy lifting for security). Since this discussion centers around real world incidence, you're right to point out that NFC does not inherently mean the application will be secure.
I actually will also correct myself about saying that NFC is shorter range than RFID. Both HF and LF have about the same range. UHF has a range on the order of 10m but is almost never if at all used for high volume applications like hotel door locks. I do however disagree with your rejection of the colloquial usage of RFID to exclude NFC. In everyday conversation, I believe it is understood that NFC is a subset.
The main point I'm trying to make is essentially targeted at this line of logic:
> NFC's design principles inherently prioritize secure exchanges
NFC's design principles inherently has absolutely zero security. It doesn't prioritize secure exchanges, at all. The fact secure exchanges can happen over NFC in incidental to NFC existing. Any secure exchange that happens over NFC happens because the higher-level application brought its own security.
It's like UDP. Sure, you can do a secure exchange of data using it like QUIC or encrypted RTP, but UDP doesn't give you anything other than a way to send that data along.
Which then compared to just an overall massively wide topic like "RFID", which encompasses dozens (hundreds?) of other technologies, some of which do actually prioritize secure (or at least attempted to secure) handshakes throughout the entire stack.
And range of an RF thing is largely just based around typical hardware. If you wanted to you could build an antenna array to pick up an NFC tag from dozens of meters away. WiFi might only be designed to work around the house, but with a clear line of sight, decent RF conditions, and the right antennas you can send it miles.
Generally speaking, you shouldn't expect any kind of security doing things with NFC. Because, NFC has no security inherent to the protocol.