Friday, August 12, 2016

Tasker + NFC providing 1½ Factor Authentication

Between a parent hack posted on Facebook and this YouTube video about embedding a NFC tag in your manicure, I'd realized it's been too long since I've done any NFC hacking. I've got NFC stickers lying around, just waiting to be put to use. With the security inspiration of the aforementioned posts, I decided I'd do something NFC + Security'ish.

The obvious hack of using NFC to unlock your phone is actually quite tricky. Without a rooted phone, a Tasker based NFC Task won't be activated if the phone screen is off or the phone is locked. So yeah, my hope of creating a magic wand (read: sharpie with a NFC tag stuck to it) to unlock my phone was a no-go. But surely there had to be something security related I could do.

Tasker comes with it's own Lock Action which pops up a PIN entry screen. My original plan: kick off this Lock Action and then use an NFC tag to hide it. Unfortunately, this idea too doesn't work, as there seems to be no way to close out the Lock Action once it's running.

After a day or two more of brainstorming, I finally figured out a workable solution. First off, I created a new Profile that detects when particular apps are launched. When these apps are launched, the Locker screen is invoked. For testing purposes, I set it up so that launching the two blog authoring tools I've got on my phone kick off the locking task:

The code for the Lock Out App action is straightforward:

Lock Out App (138)
  A1: Variable Randomize [ Name:%pin Min:1000 Max:9999 ] 
  A2: Lock [
    Title: Code:%pin Allow Cancel:On Remember Till Off:Off
    Full Screen:On Background Image: Layout:Lock ] 

Note that the pin used in the lock screen is a random 4 digit pin. In other words, the lock screen's job is simply to lock folks out, there's no well known pin capable of unlocking it.

Next up, I needed to add support for toggling this profile. Here are the profiles to do this:

The first profile runs hourly and enables the App Lockdown Profile. The next profile is kicked off when a specific NFC tag is invoked, and it's job is to disable the App Lockdown Profile. The result is that every hour the phone is re-locked down, and one can only gain access to these specific apps by touch the correct NFC tag to the back of the phone, which lifts the restrictions.

For this to provide any level of security I'd need to insure that the particular profile and apps that can mess with Tasker are also included in the list of apps to block.

And here's the physical tag that unlocks these apps:

I'm fairly surprised at the range of the NFC sticker that I used. Either side of the plastic tag, which is wrapped in duct tape, trigger the NFC action. If I got creative, I really could hide these tags in plain sight.

It's fair to ask, given that Android has fairly extensive lock screen options, is this even of value? Maybe. I can see where it would be potentially handy for casual situations (do your homework, and a parent will unlock the games on your phone) or as an extra level of security while traveling. Ultimately, it's just fun playing with NFC.

No comments:

Post a Comment