Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:32 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 11 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Sat Jul 08, 2017 11:42 pm 
Offline

Joined: Fri Feb 06, 2015 9:37 am
Posts: 5
IOS 11 opens the doors to NFC for developers called CoreNFC:
https://developer.apple.com/documentation/corenfc

About a month ago, someone asked about IOS NFC support here:
https://github.com/Yubico/yubioath-android/issues/58

However, it went unanswered (perhaps because the question was asked in yubioath-android).

Is anyone at Yubico aware of any plans to support NFS on iOS devices now, or does CoreNFC still not go far enough? (I'm assuming that beta access to iOS 11 allows one to test CoreNFC already)


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Jul 11, 2017 4:44 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
Yubico has been experimenting with Core NFC, and has discovered two things:

1) The YubiKey NEO supports providing OTP codes via NDEF and works today with Android phones; however, the YubiKey NEO currently does not work with iOS 11 beta due to an NFC negotiation issue. We will provide further updates as we continue our investigation.

2) The iOS 11 Core NFC APIs currently allow reading NDEF tags only, with no application provided data sent to the tag. This means that without more open iOS APIs, only OTP could be supported.

Yubico has reported these issues, but because Apple wants to hear from their customers, those who are interested should let them know by submitting via bugreport.apple.com.

We hope at least #1 can be resolved before the iOS 11 release, and would love a more feature rich NFC API in the future to protect iOS users with advanced security protocols like U2F.


Top
 Profile  
Reply with quote  
PostPosted: Wed Aug 02, 2017 2:09 am 
Offline

Joined: Wed Aug 02, 2017 2:06 am
Posts: 2
Has there been any progress as the iOS 11 cycle continues? I'm really interested in this and would like to go NEO even if it's just for TOTP—right now I'm using Authy to store my TOTP secrets and I'm not super happy with it.


Top
 Profile  
Reply with quote  
PostPosted: Wed Aug 02, 2017 5:28 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
No updates. When we have something new to share, we will comment on this thread.

Have you submitted a bug report via bugreport.apple.com as recommended above?


Top
 Profile  
Reply with quote  
PostPosted: Wed Aug 02, 2017 8:24 pm 
Offline

Joined: Wed Aug 02, 2017 2:06 am
Posts: 2
Not yet, but I intended to. Knowing whether you were still experiencing the problem was my first step. :)

Thanks for working on it!


Top
 Profile  
Reply with quote  
PostPosted: Tue Oct 10, 2017 7:09 pm 
Offline

Joined: Tue Oct 10, 2017 7:05 pm
Posts: 3
Is there any news yet?

It seems that only developers can create a bugreport at bugreport.apple.com, normal AppleIDs are not permitted.


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 11, 2017 4:13 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
I think a blog will be posted on the website in a few days, but the short answer is - not really.

Developers will have to build NFC support into each individual application to retrieve the OTP from the NDEF tag. So if support for OTP over NFC is desired in an application (example: LastPass), the application developer would have to add support in their iOS app to handle the NDEF tag.

CoreNFC also doesn't allow write operations that are required for authentication protocols like U2F.


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 11, 2017 9:13 am 
Offline

Joined: Tue Oct 10, 2017 7:05 pm
Posts: 3
ChrisHalos wrote:
I think a blog will be posted on the website in a few days, but the short answer is - not really.

Developers will have to build NFC support into each individual application to retrieve the OTP from the NDEF tag. So if support for OTP over NFC is desired in an application (example: LastPass), the application developer would have to add support in their iOS app to handle the NDEF tag.

CoreNFC also doesn't allow write operations that are required for authentication protocols like U2F.


Thanks for your quick reply.

But wouldn't that enable you (yubico) to create an app that reads the OTP and esspecially TOTP codes from the yubikey?
Those codes could then be copy&pasted into the desired app.

It is not perfect, but it would be a lot better than running google authenticator on your phone. It is a first step.


Top
 Profile  
Reply with quote  
PostPosted: Tue Oct 17, 2017 12:17 am 
Offline

Joined: Tue Oct 17, 2017 12:14 am
Posts: 1
I wish I understood this stuff better, but how do the CoreNFC limitations effect the possibility of PGP signing and decryption?


Top
 Profile  
Reply with quote  
PostPosted: Wed Oct 18, 2017 5:43 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
I will try to add some context here that will hopefully help people to understand the limitations of CoreNFC.

Functions absolutely NOT possible, as the CoreNFC API is read-only:
*Yubico Authenticator (no TOTP)
*U2F
*OpenPGP
*PIV
*Challenge-Response

The only that that could possibly work using CoreNFC is the slot-based button press credentials - Yubico OTP / Static Password / OATH-HOTP

The CoreNFC API is available from an app that explicitly calls it. That would mean that if Yubico came up with a YubiClip for iOS (example), the app would have to be launched by the user, then the YubiKey NEO could be tapped, and the OTP copied to clipboard. This adds a lot of extra steps over the Android version, where you can just tap and then immediately paste.

Where the CoreNFC API becomes more useful is for a third party app which supports Yubico OTP (example: LastPass), where the app itself calls the API when the user authenticates. This enables a more seamless user experience with NFC-based 2FA.

Yubico developers did just publish source code for a proof of concept of intercepting a slot-based credential: https://github.com/Yubico/ios-yubico-otp-nfc-demo.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ]  Go to page 1, 2  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group