TY - GEN
T1 - Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones
AU - Francis, Lishoy
AU - Hancke, Gerhard
AU - Mayes, Keith
AU - Markantonakis, Konstantinos
PY - 2012/11
Y1 - 2012/11
N2 - Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by placing a proxy-token in range of a contactless reader and relaying communication over a greater distance to a proxy-reader communicating with the authentic token. It has been theorised that NFC-enabled mobile phones could be used as a generic relay attack platform without any additional hardware, but this has not been successfully demonstrated in practice. We present the first generic practical implementation of a contactless relay attack by using only NFC-enabled mobile phones, requiring only suitable mobile software applications. This implementation reduces the complexity of relay attacks and therefore has potential security implications for current contactless systems.
M3 - Conference contribution
VL - 8
T3 - Cryptology and Information Security Series
SP - 21
EP - 32
BT - The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia)
A2 - Lo, Nai-Wei
A2 - Li, Yingjiu
PB - IOS Press
T2 - The 2012 Workshop on RFID and IoT Security (RFIDsec 2012 Asia)
Y2 - 8 November 2012 through 9 November 2012
ER -