Check: AIOS-05-080105
Apple iOS 8 ISCG: AIOS-05-080105 (in version v1 r1)
Title
Apple iOS must not allow use of the Near Field Communications (NFC) radio. (Cat II impact)
Discussion
Several commercial implementations of NFC protocols are vulnerable to man-in-the-middle and replay attacks. If NFC-enabled iOS devices have similar vulnerabilities, this could enable an adversary to perform unauthorized transactions such as mobile payments. Disabling the NFC radio mitigates this risk.

SFR ID: FMT_SMF.1.1 #42
Check Content
Review configuration settings to confirm the use of the NFC radio is disabled.

Note: This check procedure is not applicable on iOS devices that do not contain an NFC radio. As of the publication of this ISCG, iPhone 6 and iPhone 6 Plus are the only devices that contain an NFC radio.

The switch for disabling the NFC radio is expected to be in the Settings app. The switch may refer to NFC services or protocols and not the radio itself. Verify the relevant switch or switches are turned off.

If the NFC radio or services are enabled on an iOS device that supports disabling the radio or the services that use the radio, this is a finding.
Fix Text
The user must disable the NFC radio or the services that use it.
Additional Identifiers
Rule ID:
Vulnerability ID: V-54315
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |