Practical Experiences on NFC Relay Attacks with Android - Virtual Pickpocketing Revisited
نویسندگان
چکیده
Near Field Communication (NFC) is a short-range contactless communication standard recently emerging as cashless payment technology. However, NFC has been proved vulnerable to several threats, such as eavesdropping, data modification, and relay attacks. A relay attack forwards the entire wireless communication, thus communicating over larger distances. In this paper, we review and discuss feasibility limitations when performing these attacks in Google’s Android OS. We show an experiment proving its feasibility using off-the-shelf NFC-enabled Android devices (i.e., no custom firmware nor root required). Thus, Android NFC-capable malicious software might appear before long to virtually pickpocket contactless payment cards within its proximity.
منابع مشابه
Practical Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited
Near Field Communication (NFC) is a short-range contactless communication standard recently emerging as cashless payment technology. However, NFC has been proved vulnerable to several threats, such as eavesdropping, data modification, and relay attacks. A relay attack forwards the entire wireless communication, thus communicating over larger distances. In this paper, we review and discuss feasi...
متن کاملRelay Attacks on Secure Element-Enabled Mobile Devices - Virtual Pickpocketing Revisited
Near Field Communication’s card emulation mode is a way to combine smartcards with a mobile phone. Relay attack scenarios are well-known for contactless smartcards. In the past, relay attacks have only been considered for the case, where an attacker has physical proximity to an NFC-enabled mobile phone. However, a mobile phone introduces a significantly di↵erent threat vector. A mobile phone’s ...
متن کاملDEMO: NFCGate - An NFC Relay Application for Android
Near Field Communication (NFC) is a technology widely used for security-critical applications like access control or payment systems. Many of these systems rely on the security assumption that the card has to be in close proximity to communicate with the reader. We developed NFCGate, an Android application capable of relaying NFC communication between card and reader using two rooted but otherw...
متن کاملMobile Pickpocketing: Exfiltration of Sensitive Data through NFC-enabled Mobile Devices (CMU-CyLab-13-015)
With the increasing popularity of Near field communication (NFC) in consumer-off-the-shelf devices, more and more applications are taking advantage of the technology in innovative ways. Unfortunately, with the rise of NFC applications, there emerges a variety of vulnerabilities that could leave an unwitting user vulnerable to a data breach. One such potentially devastating attack is mobile pick...
متن کاملMobile Pickpocketing: Exfiltration of Sensitive Data through NFC-enabled Mobile Devices
With the increasing popularity of Near field communication (NFC) in consumer-off-the-shelf devices, more and more applications are taking advantage of the technology in innovative ways. Unfortunately, with the rise of NFC applications, there emerges a variety of vulnerabilities that could leave an unwitting user vulnerable to a data breach. One such potentially devastating attack is mobile pick...
متن کامل