NFC Payment Spy: A Privacy Attack on Contactless Payments

In a contactless transaction, when more than one card is presented to the payment terminal’s field, the terminal does not know which card to choose to proceed with the transaction. This situation is called card collision. EMV (which is the primary standard for smart card payments) specifies that the reader should not proceed when it detects a card collision and that instead it should notify the payer. In comparison, the ISO/IEC 14443 standard specifies that the reader should choose one card based on comparing the UIDs of the cards detected in the field. However, our observations show that the implementation of contactless readers in practice does not follow EMV’s card collision algorithm, nor does it match the card collision procedure specified in ISO.

[1]  Budi Arief,et al.  Risks of Offline Verify PIN on Contactless Cards , 2013, Financial Cryptography.

[2]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.

[3]  Yan Zhu,et al.  Tap-Wave-Rub: lightweight malware prevention for smartphones using intuitive human gestures , 2013, WiSec '13.

[4]  Zhi Xu,et al.  TapLogger: inferring user inputs on smartphone touchscreens using on-board motion sensors , 2012, WISEC '12.

[5]  Raphael Spreitzer,et al.  PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices , 2014, SPSM@CCS.

[6]  Di Ma,et al.  Secure Proximity Detection for NFC Devices Based on Ambient Sensor Data , 2012, ESORICS.

[7]  可児 潤也 「"Little Brothers Watching You:" Raising Awareness of Data Leaks on Smartphones」の報告 , 2013 .

[8]  Feng Hao,et al.  TouchSignatures: Identification of user touch actions and PINs based on mobile sensor data via JavaScript , 2016, J. Inf. Secur. Appl..

[9]  N. Asokan,et al.  Drone to the Rescue: Relay-Resilient Authentication using Ambient Multi-sensing , 2014, Financial Cryptography.

[10]  Hao Chen,et al.  TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion , 2011, HotSec.

[11]  Ricardo J. Rodríguez,et al.  Practical Experiences on NFC Relay Attacks with Android - Virtual Pickpocketing Revisited , 2015, RFIDSec.

[12]  Feng Hao,et al.  Tap-Tap and Pay (TTP): Preventing the Mafia Attack in NFC Payment , 2015, SSR.

[13]  Romit Roy Choudhury,et al.  Tapprints: your finger taps have fingerprints , 2012, MobiSys '12.

[14]  Ross J. Anderson,et al.  PIN skimmer: inferring PINs through the camera and microphone , 2013, SPSM '13.

[15]  Adam J. Aviv,et al.  Practicality of accelerometer side channels on smartphones , 2012, ACSAC '12.

[16]  Feng Hao,et al.  TouchSignatures: Identification of User Touch Actions based on Mobile Sensors via JavaScript , 2015, AsiaCCS.