Vila, José; Rodríguez, Ricardo J
Practical Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited Proceedings Article
In: Proceedings of the 11th International Workshop on RFID Security (RFIDsec), pp. 87–103, Springer, 2015.
Abstract | Links | BibTeX | Tags: Android, contactless cards, contactless payment, NFC, relay attacks, Security
@inproceedings{VR-RFIDsec-15,
title = {Practical Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited},
author = {José Vila and Ricardo J Rodríguez},
url = {http://webdiis.unizar.es/~ricardo/files/papers/VR-RFIDsec-15.pdf},
doi = {10.1007/978-3-319-24837-0_6},
year = {2015},
date = {2015-01-01},
booktitle = {Proceedings of the 11th International Workshop on RFID Security (RFIDsec)},
volume = {9440},
pages = {87--103},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
abstract = {Near Field Communication (NFC) is a short-range contactless communication standard recently emerging as cashless payment technology. However, NFC has been proved vulnerable to several threats, such as eavesdropping, data modification, and relay attacks. A relay attack forwards the entire wireless communication, thus communicating over larger distances. In this paper, we review and discuss feasibility limitations when performing these attacks in Google's Android OS. We show an experiment proving its feasibility using off-the-shelf NFC-enabled Android devices (i.e., no custom firmware nor root required). Thus, Android NFC-capable malicious software might appear before long to virtually pickpocket contactless payment cards within its proximity.},
keywords = {Android, contactless cards, contactless payment, NFC, relay attacks, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Near Field Communication (NFC) is a short-range contactless communication standard recently emerging as cashless payment technology. However, NFC has been proved vulnerable to several threats, such as eavesdropping, data modification, and relay attacks. A relay attack forwards the entire wireless communication, thus communicating over larger distances. In this paper, we review and discuss feasibility limitations when performing these attacks in Google's Android OS. We show an experiment proving its feasibility using off-the-shelf NFC-enabled Android devices (i.e., no custom firmware nor root required). Thus, Android NFC-capable malicious software might appear before long to virtually pickpocket contactless payment cards within its proximity.