Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones

Lishoy Francis, Gerhard Hancke, Keith Mayes, Konstantinos Markantonakis

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by placing a proxy-token in range of a contactless reader and relaying communication over a greater distance to a proxy-reader communicating with the authentic token. It has been theorised that NFC-enabled mobile phones could be used as a generic relay attack platform without any additional hardware, but this has not been successfully demonstrated in practice. We present the first generic practical implementation of a contactless relay attack by using only NFC-enabled mobile phones, requiring only suitable mobile software applications. This implementation reduces the complexity of relay attacks and therefore has potential security implications for current contactless systems.
Original languageEnglish
Title of host publicationThe 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia)
EditorsNai-Wei Lo, Yingjiu Li
PublisherIOS Press
Pages21 - 32
Number of pages12
Publication statusPublished - Nov 2012
EventThe 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia) - Taipei, Taiwan, Province of China
Duration: 8 Nov 20129 Nov 2012

Publication series

NameCryptology and Information Security Series
PublisherIOS Press


WorkshopThe 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia)
Country/TerritoryTaiwan, Province of China

Cite this