Long Distance Relay Attack

  • Luigi SportielloEmail author
  • Andrea Ciardulli
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8262)


Contactless smart cards are used to securely store data and to authorize the execution of sensitive operations. Their contactless interface represents a mixed blessing, allowing fast operations but also such devices to potential attacks. Relay attacks are among the most powerful attacks applicable against contactless smart cards, allowing a contactless reader to interact with a physically far away card establishing a communication channel between them. In this paper we prove that it is possible to conduct such an attack on a geographical scale, basically without any constraints on the reader and card positions and reaching a relay distance of several kilometers, probably the first example in the literature for contactless smart cards, using cheap and off-the-shelf hardware and software tools.


Contactless smart cards Relay attack Mobile phones NFC Practical attack 


  1. 1.
    Kfir, Z., Wool, A.: Picking virtual pockets using relay attacks on contactless smartcard. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), pp. 47–58 (2005)Google Scholar
  2. 2.
    Hancke, G.P.: A practical relay attack on ISO 14443 proximity cards. Technical report, University of Cambridge Computer Laboratory, pp. 1–13 (2005)Google Scholar
  3. 3.
    Thevenon, P., Savry, O., Tedjini, S.: On the weakness of contactless systems under relay attacks. In: Proceedings of the 19th International Conference on Software, Telecommunications and Computer Networks (SoftCOM), pp. 1–5 (2011)Google Scholar
  4. 4.
    Issovits, W., Hutter, M.: Weaknesses of the ISO/IEC 14443 protocol regarding relay attacks. In: Proceedings of the International Conference on RFID-Technologies and Applications (RFID-TA), pp. 335–342 (2011)Google Scholar
  5. 5.
    WeiB, M.: Performing relay attacks on ISO 14443 contactless smart cards using NFC mobile equipment. Master thesis, Der Technischen Universitat Munchen, Germany (2010)Google Scholar
  6. 6.
    Francis, L., Hancke, G., Mayes, K., Markantonakis, K.: Practical relay attack on contactless transactions by using NFC mobile phones. In: Proceedings of the Workshop on RFID and IoT Security (RFIDsec 2012 Asia) (2012)Google Scholar
  7. 7.
    Emms, M., Arief, B., Defty, T., Hannon, J., Hao, F., van Moorsel, A.: The dangers of verify PIN on contactless cards. Newcastle University, Technical Report Series, No. CS-TR-1332, pp. 1–10 (2012)Google Scholar
  8. 8.
    ISO/IEC 14443: Identification cards - Contactless Integrated Circuit Cards - Proximity Cards (2011)Google Scholar
  9. 9.
    ISO/IEC 7816–4: Identification Cards - Integrated Circuit Cards - Part 4: Organization, Security and Commands for Interchange (2005)Google Scholar
  10. 10.
    ISO/IEC 21481: Information technology - Telecommunications and Information Exchange Between Systems - Near Field Communication Interface and Protocol -2 (NFCIP-2) (2005)Google Scholar
  11. 11.
    Elenkov, N.: Emulating a PKI Smart Card with CyanogenMod 9.1 (2012).
  12. 12.
    CyanogenMod, Ver. 9.1. (2013)
  13. 13.
    Roland, M.: Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare? In: Fourth International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use, pp. 1–6 (2012)Google Scholar
  14. 14.
    International Civil Aviation Organization: Machine Readable Travel Documents, Part 1, vol. 1, 6th edn (2006)Google Scholar
  15. 15.
    International Civil Aviation Organization: Machine Readable Travel Documents, Part 1, vol. 2, 6th edn (2006)Google Scholar
  16. 16.
    BSI: Advanced Security Mechanisms for Machine Readable Travel Documents - Extended Access Control (EAC), Password Authenticated Connection Establishment (PACE) and Restricted Identification (RI). Ver. 2.05 (2010)Google Scholar
  17. 17.
    ICAO SDK Pro, MaskTech GmbH (2008)Google Scholar
  18. 18.
  19. 19.
    Dunham, K.: Mobile Malware Attacks and Defense. Syngress, Burlington (2009)Google Scholar
  20. 20.
    Kirschenbaum, I., Wool, A.: How to build a low-cost, extended-range RFID skimmer. In: Proceedings of the 15th USENIX Security, Symposium, pp. 43–57 (2006)Google Scholar
  21. 21.
    MF1PLUSx0y1 - Mainstream Contactless Smart Card IC for Fast and Easy Solution Development, Product short data sheet, Rev. 3.2, NXP (2011)Google Scholar
  22. 22.
    Hancke, G.P., Kuhn, M.G.: An RFID distance bounding protocol. In: Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm), pp. 67–73 (2005)Google Scholar

Copyright information

© European Union 2013

Authors and Affiliations

  1. 1.European CommissionJoint Research CentreIspraItaly

Personalised recommendations