While everyone is bringing their own mobile devices to work, those phones might as well be put to work contributing to building security; at least that’s the purview of HID Global, which announced the results of a pair of pilot studies using NFC
technology in employee smartphones to (physically) open doors at companies and contribute to overall facility security.
Using HID Global’s iCLASS SE platform and iCLASS SE credentials and NFC-enabled Samsung
Galaxy S III smartphones, the company conducted tests at both Netflix
HQ and Good Technology (a secure enterprise mobility solutions provider). Proximity readers were placed at various entrances at Netflix--Good Technology used the SARGENT SE LP10 lock at its facility--and when employees carrying their phones drew near, they were granted access without having to swipe a badge or use a keyfob.
Samsung Galaxy S III
How does this contribute to physical security? Users need digital credentials on their device to get through the access point, and those credentials are stored in an app on the phone. Because access to the phone can be protected with a PIN or other passcode, not to mention the fact that employees will typically not lend their phones to anyone else, there’s a de facto
two-step authentication process.
The whole shebang proved popular among testers, although HID Global did note that among the requests for improvements were the desire for more diversity in phone and carrier options, always-on access control so users don’t have to unlock their phones and launch an app to get in the door, and better battery life management.
The whole setup is certainly intriguing, but there may be concerns over the security of NFC on those Samsung Galaxy S III devices; just recently, at the Mobile Pwn2Own event
at EuSecWest 2012, MWR Labs hacked that exact device (running Android 4.0.4) using an undiscovered exploit and gained a back door to it via malicious code sent to the phone using--you guessed it--NFC.