On the security issues of NFC enabled mobile phones
نویسندگان
چکیده
In this paper, we investigate the possibility that a Near Field Communication (NFC) enabled mobile phone, with an embedded secure element (SE), could be used as a mobile token cloning and skimming platform. We show how an attacker could use an NFC mobile phone as such an attack platform by exploiting the existing security controls of the embedded SE and the available contactless APIs. To illustrate the feasibility of these actions, we also show how to practically skim and emulate certain tokens typically used in payment and access control applications with a NFC mobile phone. We also discuss how to capture and analyse legitimate transaction information from contactless systems. Although such attacks can also be implemented on other contactless platforms, such as custom-built card emulators and modified readers, the NFC enabled mobile phone has a legitimate form factor, which would be accepted by merchants and arouse less suspicion in public. Finally, we propose several security countermeasures for NFC phones that could prevent such misuse.
منابع مشابه
Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?
Software card emulation is a new approch to advance the interoperability of NFC with legacy contactless smartcard systems. It has been first introduced to NFC-enabled mobile phones by Research In Motion (RIM) on their BlackBerry platform. Software card emulation aims at opening and simplifying the complex and tightly controlled card emulation functionality. While this form of card emulation, th...
متن کاملConnecting Mobile Phones to the Internet of Things: A Discussion of Compatibility Issues Between EPC and NFC
Near Field Communication devices and Electronic Product Code tags are two important RFID based solutions which have matured to market-readiness within the last years. Though both standards are based on the same technological foundation, there are some significant differences as to the goals that their developers intend to achieve through their use. Mobile phones are the most popular personal de...
متن کاملPractical Experiences with NFC Security on mobile Phones
In this paper we present our practical experiences in implementing a secure NFC application on mobile phones. First, we present the characteristics of the NFC technology and its security features. Based on our practical, real-world offline NFC voucher payment application, using the Nokia 6313 and 6212 NFC enabled devices, we illustrate the possibilities of NFC applications on today’s technology...
متن کاملPractical Relay Attack on Contactless Transactions by Using NFC Mobile Phones
Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by pla...
متن کاملProposing a Model for Patient Admission and NFC Mobile Payment by Biometric Identification and Smart Health Card
Abstract Following the advances in mobile communication and information technology, smart phones have been used in a wide variety of commercial, social, entertainment, file sharing and health transactions and applications. The current procedures in healthcare environment for patient registration, appointment scheduling and payment are time consuming and somehow tiresome. Traditionally, patie...
متن کامل