Board: Hardware wallets
Topic: Re: Flipper Zero and NFC wallets- is this an issue?
by ChiBitCTy on 20/01/2023, 07:30:02 UTC
Hi,

Just a few comments about NFC security with respect to NFC skimming and other vulnerabilities. I am the developer of Satochip (https://satochip.io), a hardware wallet based on a smartcard. Our devices support NFC (e.g. for mobile integration).

All communications with the card use a secure channel which is encrypted and protected against replay attacks (among others). This means that even if a flipper 'sniffs' the communication, it will only get encrypted data. If it records a communication and tries to replay it (repeating the same data), it will also not work.

Moreover, any sensitive operation such as signing a transaction is protected by a PIN code, and this PIN is also sent encrypted to the card. In any case, the private keys are never exported outside of the chipcard!

The firmware running on the card is open-source and available on GitHub, so you can check in detail what is being exchanged and verify that it is secured: https://github.com/Toporin/SatochipApplet

We also provide 2 other products based on smartcards:
* Satodime (satodime.io): a bitcoin bearer card to store bitcoin like a physical note with the private key stored on the card
* SeedKeeper (seedkeeper.io): a backup solution for your seeds


Thanks for all the info. I would imagine most btc NFC wallets run a similar pattern as you guys? Curious if you know any (you don’t have to mention by name if you don’t want) that are currently available out there that don’t use encryption, and would be vulnerable to tools such as a flipper?

I think you or someone from your team donated a wallet card to a charity auction I ran a few years back. I don’t see it in your past posts so maybe it was someone else with Satochip? Either way it was much appreciated!
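
The encrypted, replay-protected channel described in the Satochip developer's comments above can be illustrated with a small simulation. This is an added example, not part of the thread and not Satochip's actual protocol: the construction (a SHAKE-256 toy cipher, HMAC-SHA256, a message counter), the names `seal` and `CardChannel`, and the sample command are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _keystream(key, counter, length):
    """Toy stream cipher (SHAKE-256 over key || counter); stands in for a real cipher."""
    return hashlib.shake_256(key + counter.to_bytes(8, "big")).digest(length)


def seal(enc_key, mac_key, counter, plaintext):
    """Host side: encrypt, then MAC over counter || ciphertext."""
    ks = _keystream(enc_key, counter, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    header = counter.to_bytes(8, "big")
    return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()


class CardChannel:
    """Card side: checks the MAC, then accepts only strictly increasing counters."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.last_counter = 0

    def open(self, frame):
        header, ct, tag = frame[:8], frame[8:-32], frame[-32:]
        expected = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")
        counter = int.from_bytes(header, "big")
        if counter <= self.last_counter:
            raise ValueError("replayed frame")
        self.last_counter = counter
        ks = _keystream(self.enc_key, counter, len(ct))
        return bytes(c ^ k for c, k in zip(ct, ks))


def demo():
    # Assumption: both keys are freshly agreed for each session.
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    card = CardChannel(enc_key, mac_key)
    frame = seal(enc_key, mac_key, 1, b"VERIFY_PIN 1234")  # constructed command
    first = card.open(frame)
    try:
        card.open(frame)  # identical bytes captured off the air and sent again
        replay = "accepted"
    except ValueError as err:
        replay = str(err)
    return frame, first, replay
```

The counter check only holds if the keys are unique per session; with reused keys, a frame recorded in one session would carry a valid MAC and a fresh-looking counter in the next.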