Evaluation of Apple iDevice Sensors as a Potential Relay Attack Countermeasure for Apple Pay

Gareth Haken, Konstantinos Markantonakis, Iakovos Gurulian, Carlton Shepherd, Raja Akram

Research output: Chapter in Book/Report/Conference proceedingConference contribution

420 Downloads (Pure)


Traditional countermeasures to relay attacks are difficult to implement on mobile devices due to hardware limitations. Establishing proximity of a payment device and terminal is the central notion of most relay attack countermeasures, and mobile devices offer new and exciting possibilities in this area of research. One such possibility is the use of on-board sensors to measure ambient data at both the payment device and terminal, with a comparison made to ascertain whether the device and terminal are in close proximity. This project focuses on the iPhone, specifically the iPhone 6S, and the potential use of its sensors to both establish proximity to a payment terminal and protect Apple Pay against relay attacks. The iPhone contains 12 sensors in total, but constraints introduced by payment schemes mean only 5 were deemed suitable to be used for this study. A series of mock transactions and relay attack attempts are enacted using an iOS application written specifically for this study. Sensor data is recorded, and then analysed to ascertain its accuracy and suitability for both proximity detection and relay attack countermeasures.
Original languageEnglish
Title of host publicationProceedings of the 3rd ACM International Workshop on Cyber-Physical System Security
Subtitle of host publicationCPSS '17
Place of PublicationNew York
Number of pages12
ISBN (Electronic)978-1-4503-4956-7
Publication statusPublished - 2 Apr 2017
Event3rd ACM Cyber-Physical System Security Workshop (CPSS 2017) - Abu Dhabi, United Arab Emirates
Duration: 2 Apr 20172 Apr 2017


Conference3rd ACM Cyber-Physical System Security Workshop (CPSS 2017)
Country/TerritoryUnited Arab Emirates
CityAbu Dhabi


  • Relay Attacks
  • Apple Pay
  • Ambient Sensors

Cite this