Abstract
Near Field Communication’s card emulation mode is a way to combine smartcards with a mobile phone. Relay attack scenarios are well-known for contactless smartcards. In the past, relay attacks have only been considered for the case where an attacker has physical proximity to an NFC-enabled mobile phone. However, a mobile phone introduces a significantly different threat vector. A mobile phone’s permanent connectivity to a global network and the possibility to install arbitrary applications permit a significantly improved relay scenario. This paper presents a relay attack scenario where the attacker no longer needs physical proximity to the phone. Instead, simple relay software needs to be distributed to victims’ mobile devices. This publication describes this relay attack scenario in detail and assesses its feasibility based on measurement results.
This work is part of the project “4EMOBILITY” within the EU programme “Regionale Wettbewerbsfähigkeit OÖ 2007–2013 (Regio 13)” funded by the European regional development fund (ERDF) and the Province of Upper Austria (Land Oberösterreich).
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Roland, M., Langer, J., Scharinger, J. (2012). Relay Attacks on Secure Element-Enabled Mobile Devices. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds) Information Security and Privacy Research. SEC 2012. IFIP Advances in Information and Communication Technology, vol 376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30436-1_1
DOI: https://doi.org/10.1007/978-3-642-30436-1_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30435-4
Online ISBN: 978-3-642-30436-1
eBook Packages: Computer Science (R0)