An NFC Relay Attack with Off-the-shelf Hardware and Software

Passive Near Field Communication (NFC) devices, such as contactless smart cards, use NFC to communicate with other devices without any physical connection or an internal battery source, deriving power inductively via the radio field generated by the NFC reader device. Today, many Point-of-Sale (PoS) terminals, credit cards, and also mobile devices are NFC-capable and facilitate contactless payments. Although the communication range is typically limited to a few centimeters, NFC attacks exist that exploit such contactless communication channels. This paper focuses on NFC relay attacks and shows that a practical relay attack on public transport PoS terminals, using off-the-shelf mobile devices and hardware, is feasible. Finally, countermeasures are discussed with the main finding that currently the best countermeasure against relay attacks is to physically shield an NFC device.
