FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How secure are the Ntag213 - Ntag215 password protections?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How secure are the Ntag213 - Ntag215 password protections?

‎10-22-2019 08:42 AM
6,209 Views
info18
Contributor I

Hi Guys,

So we are currently working on an project where the ntag213 or ntag215 are going to be used. (in public areas, guests can scan it, to access an site)

The idea is: To write specifik data to the chip  that can be read by guests ( its not sensitive) BUT shoud not be able to overwritten/erased/replaced.

We've found a couple of good android apps, that  can  write and 'lock' the chip to make it read-only, where u recieve an Master key to unlock it..  So far so good..

But my question and concern is;

How secure is that read-only? with the ntag213/215 chips. 

I mean, are there any known exploits to be aware of?

Would there be any possibility to 'crack' the password, and reverse it somehow to be overwritten?  so that someone could intentionally put malware on it or make an phishing site written to the chip. (Obviously we are trying to avoid that of happening, so that's why we have the concerns of the security )

Thanks allot guys! hope to learn more about it.

Kind regards,

Johnny

0 Kudos
Reply
3 Replies

‎10-23-2019 02:53 PM
5,577 Views
IvanRuiz
NXP Employee
NXP Employee

Hello,

It will depend on how secure you want your system to be. The most important thing to keep in mind is that in every authentication to the Tag, the data will travel in plain text though the air. You may use a DESFire instead which is common criteria EAL5+ if you want your communication to be encrypted. For more information, please refer to: MIFARE DESFire EV2 | NXP 

BR,

Ivan.

0 Kudos
Reply

‎10-24-2019 01:22 AM
5,577 Views
info18
Contributor I

Hi Evan, thanks for the reply..

As mentioned before, the communication being plain text is OK > since its for guest purposes anyway (its on an isolated network)

The concerns are regarding the password - making the chip read-only, in terms of security, how secure is that? How easily can it be cracked and overwritten by an unauthorized person?

That's what I really would like to know..

Thanks again, waiting for your reply!

0 Kudos
Reply

‎10-24-2019 07:50 AM
5,577 Views
IvanRuiz
NXP Employee
NXP Employee

Hello,

Overwritten, not possible, unless you authenticate successfully to the Tag with the right password to protected area memory and overwrite it. 

You could make it even stronger by avoiding brute-force. Fortunately, this can be prevented by limiting negative verification attempts, as mentioned in chapter 8.8.2 of datasheet: https://www.nxp.com/docs/en/data-sheet/NTAG213_215_216.pdf 

Hope this helps.

BR,

Ivan.

0 Kudos
Reply