A practical NFC relay attack on mobile devices using card emulation mode

Cavdar, D.; Tomur, Emrah

doi:10.1109/mipro.2015.7160477

Cited by 14 publications

(6 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…could be utilized [5]. Modern attempts of the DF relay attack have been shown to be easily implementable when utilizing smartphones and the built in NFC and Bluetooth capabilities that they have [10]- [12]. An open source Android application by E. Lee called NFCProxy [13] can be used on some devices to easily make NFC packets available for relaying.…”

Section: Relevant Work and Motivationsmentioning

confidence: 99%

Relay Attack Detection using OFDM Channel-Fingerprinting

Abubaker,

Gong

2024

Preprint

View full text Add to dashboard Cite

Decode-and-forward and amplify-and-forward relay attacks are a powerful tool for defeating challenge-response authentication protocols. Current solutions for detecting these relay attacks utilize round-trip time distance-bounding. Unfortunately, secure implementations of distance-bounding require dedicated ultra-wideband hardware that only provide low data rates and operate at relatively short distances. In this paper we propose two novel symmetric-key challenge-response authentication protocols that can detect either a decode-andforward relay attack or prevent a decode-and-forward and detect an amplify-and-forward relay attack. Both protocols utilize the channel state information in a far-field communication system to perform the detection. The first protocol utilizes the correlation of the adjusted channel frequency response to detect decode-and-forward relay attacks. The second protocol prevents decode-and-forward relay attacks through the use of randomized pilots, and detects amplify-and-forward relay attacks by classifying the distribution of the channel frequency response that is caused by multiple relays. The protocols utilize orthogonal frequency division multiplexing to estimate the channel frequency response between the legitimate communicating parties to identify if a relay attack is occurring in a physical-layer challenge-response authentication protocol. The proposed protocols can be leveraged on many existing hardware platforms and can simultaneously support high data rates. To evaluate the performance of the protocol, MATLAB simulations are done to gather Monte-Carlo results on performance criterion.

show abstract

Section: Relevant Work and Motivationsmentioning

confidence: 99%

Relay Attack Detection using OFDM Channel-Fingerprinting

Abubaker,

Gong

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…There are many scenarios in which relay attacks are used. Its application on Near Field Communication (NFC), for instance, is analyzed in different works in literature [11,20]. Recently, researchers have successfully proved the effectiveness of a relay attack on the SARS-CoV-2 contact tracking application, proposing a hashing-based countermeasure to secure the environment without losing privacy [10].…”

Section: Related Workmentioning

confidence: 99%

EVExchange: A Relay Attack on Electric Vehicle Charging System

Conti¹,

Denis²,

Poovendran³

et al. 2022

Preprint

View full text Add to dashboard Cite

To support the increasing spread of Electric Vehicles (EVs), Charging Stations (CSs) are being installed worldwide. The new generation of CSs employs the Vehicle-To-Grid (V2G) paradigm by implementing novel standards such as the ISO 15118. This standard enables highlevel communication between the vehicle and the charging column, helps manage the charge smartly, and simplifies the payment phase. This novel charging paradigm, which connects the Smart Grid to external networks (e.g., EVs and CSs), has not been thoroughly examined yet. Therefore, it may lead to dangerous vulnerability surfaces and new research challenges.In this paper, we present EVExchange, the first attack to steal energy during a charging session in a V2G communication: i.e., charging the attacker's car while letting the victim pay for it. Furthermore, if reverse charging flow is enabled, the attacker can even sell the energy available on the victim's car! Thus, getting the economic profit of this selling, and leaving the victim with a completely discharged battery. We developed a virtual and a physical testbed in which we validate the attack and prove its effectiveness in stealing the energy. To prevent the attack, we propose a lightweight modification of the ISO 15118 protocol to include a distance bounding algorithm. Finally, we validated the countermeasure on our testbeds. Our results show that the proposed countermeasure can identify all the relay attack attempts while being transparent to the user.

show abstract

“…PEELING THE APPLET This layer serves as a link between mobile devices and desktop computers. To check if a phone is nearby, it uses an NFC reader to send a request (Çavdar & Tomur, 2015, May). If a phone is found, data is then transferred to the browser using NFC technology.…”

Section: IImentioning

confidence: 99%

NFC Based Login for Mobile Apps and Websites

Prasad¹

2022

IJRASET

View full text Add to dashboard Cite

This paper is concerned to show how a mobile phone equipped with Near Field Communication (NFC) can be used to construct a Single Sign-On authentication system (Celikkan & Gelis, 2014, August). When logging in to numerous online sites, customers no longer have to juggle a plethora of usernames and passwords to keep track of. As omnipresent computing devices, smartphones are utilised for a wide range of functions, from authentication to tracking to medical care to entertainment and epayment. Among NFC's many advantages is that it uses short-range communication, which enhances security while also making it simple to use. Our Chrome browser extension allows users to easily authenticate and manage their personal information from their mobile devices. Owing to browser security restrictions, JavaScript code (used in the Google Chrome extension) cannot access computer system resources when executing in a browser. As a result, the Java applet is used to run the software on the user's computer. With the help of the extension, NFC Reader may be accessed and used, and a connection between Java and JavaScript can be established. Using NFC, the user does not have to input any account information because it is automatically uploaded to the online login page. IndexTerms: NFC, Login, Mobile apps , website, RFID , Authentication, Sign-in

show abstract

A practical NFC relay attack on mobile devices using card emulation mode

Cited by 14 publications

References 4 publications

Relay Attack Detection using OFDM Channel-Fingerprinting

Relay Attack Detection using OFDM Channel-Fingerprinting

EVExchange: A Relay Attack on Electric Vehicle Charging System

NFC Based Login for Mobile Apps and Websites

Contact Info

Product

Resources

About