What criminals look for on NFC-enabled cell phones
Criminals target cell phones with NFC activated because they see digital wallets full of cards and banking apps ready to be exploited
The most direct solution is to disable NFC whenever you are not using it and only activate it at the time of purchase. This cuts out almost all relay and skimming attacks while maintaining practicality. Combine with statement monitoring and restricted permissions to stay well protected.
- Criminals mainly seek payment tokens and active digital wallets (Google Wallet or Apple Pay).
- Relay attacks (Ghost Tap) allow you to defraud transactions in real time.
- Disabling NFC when not in use is the most effective measure.
- Androids are more common targets because of the system's greater flexibility.
How NFC turns your cell phone into a preferred target
Criminals see a cell phone with NFC activated as an opportunity for quick and discreet theft. They look for devices with payment apps configured, as these store tokens that work like digital cards.
With the feature turned on, it is possible to capture or retransmit signals in seconds, especially in busy locations. An infected phone becomes a bridge to fraud even if you don't approach anything.
Top methods criminals use today
- Relay attacks (Ghost Tap): Capture the NFC signal and send it to another cell phone that emulates yours.
- Proximity skimming: Portable readers steal data even in your bag.
- Malware via fake apps: They ask you to "verify" the card by approaching it on your cell phone.
- Cloning for quick purchases: Use tokens in low-value contactless terminals.
Comparative risk analysis by device type
| Device | Risk Level | What Attracts Criminals | Main Protection |
|---|---|---|---|
| Android with NFC always on | High | Malware and easy relay | Disable NFC + antivirus |
| iPhone with Apple Pay | Medium | Tokens protected, but relay possible | Face ID and quick deactivation |
| Cell phones without digital wallets | Low | Basic data only | NFC disabled by default |
| Old Android | Very High | Slow updates | Monitor statements daily |
Technical analysis of attacks via NFC
NFC operates at 13.56 MHz with a short range, but criminals use relay tools to extend this distance via the internet. They intercept APDU commands and emulate Host Card Emulation (HCE) on another device.
Instead of stealing the card number, they capture dynamic tokens generated by banks. These tokens are limited in value and time, but still allow for multiple small purchases.
Even with secure tokens, relay attacks can bypass physical distance when there is malware on the cell phone. Low-value transactions without biometrics are the most exploited weakness.
Older Android devices receive security updates late, leaving holes open for weeks or months. Excessive reliance on "convenience" also increases risk.
Disable NFC in quick settings and only turn it on when paying. Use transaction alerts via SMS or bank app and review statements every day.
Avoid installing apps from unknown sources and always keep your system up to date.
Leaving NFC always activated is an unnecessary mistake that makes the work of criminals much easier. The convenience is not worth the real risk of losing money to silent fraud.
Mobile phones with NFC activated attract criminals mainly due to payment tokens and relay facilities. Disabling the feature when you're not using it remains the simplest and most effective measure.
In the future we will have more automatic protections, but today the responsibility is yours. Review your phone settings now and get in the habit of turning off NFC.
- Is your cell phone really protected? What to check on your lock screen now
- SuperGrok xAI: Why it's changing the AI game
- Is SuperGrok worth it? We tested Elon Musk's new AI that promises to surpass GPT-5
- Quasar Linux (QLNX): Advanced RAT targets developers and threatens software supply chain
- This ransomware doesn't want your money, it wants to erase your data