Relay Attacks in EMV Contactless Cards with Android OTS Devices

Similar documents
NFC Hacking: The Easy Way

NFC Hacking: The Easy Way

Training MIFARE SDK. Public. MobileKnowledge June 2015

Training. NFC in Android. Public. MobileKnowledge October 2015

NFC Test Challenges for Mobile Device Developers Presented by: Miguel Angel Guijarro

Using RFID Techniques for a Universal Identification Device

Significance of Tokenization in Promoting Cloud Based Secure Elements

NFC. Technical Overview. Release r05

AN Software Design Guide for POS Development Kit OM5597/RD2663. Rev August Application note COMPANY PUBLIC

Technical Article. NFiC: a new, economical way to make a device NFC-compliant. Prashant Dekate

How To Secure A Paypass Card From Being Hacked By A Hacker

An NFC Ticketing System with a new approach of an Inverse Reader Mode

Loyalty Systems over Near Field Communication (NFC)

An NFC Ticketing System with a new approach of an Inverse Reader Mode

THE APPEAL FOR CONTACTLESS PAYMENT 3 AVAILABLE CONTACTLESS TECHNOLOGIES 3 USING ISO BASED TECHNOLOGY FOR PAYMENT 4

Contactless Payments with Mobile Wallets. Overview and Technology

Risks of Offline Verify PIN on Contactless Cards

AN1304. NFC Type MIFARE Classic Tag Operation. Application note PUBLIC. Rev October Document information

Hacking the NFC credit cards for fun and debit ;) Renaud Lifchitz BT Hackito Ergo Sum 2012 April 12,13,14 Paris, France

What is a Smart Card?

NACCU Migrating to Contactless:

Using an NFC-equipped mobile phone as a token in physical access control

Mobile Near-Field Communications (NFC) Payments

Vulnerability Analysis and Attacks on NFC enabled Mobile Phones

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Training. MIFARE4Mobile. Public. MobileKnowledge April 2015

Mobile Payment using HCE and mpoint payment gateway based on NFC enabled phones. AUTHOR : GRZEGORZ MILCARZ S111040

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

Mobile Electronic Payments

MIFARE ISO/IEC PICC

Best Practices for the Use of RF-Enabled Technology in Identity Management. January Developed by: Smart Card Alliance Identity Council

Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?

Exercise 1: Set up the Environment

welcome to liber8:payment

Near Field Communication in Cell Phones

NFC technology user guide. Contactless payment by mobile

Security in Near Field Communication (NFC)

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

NFC Application Mobile Payments

MIFARE CONTACTLESS CARD TECHNOLOLGY AN HID WHITE PAPER

NFC: Enabler for Innovative Mobility and Payment NFC: MOBILIDADE E MEIOS DE PAGAMENTO

Gemalto Mifare 1K Datasheet

PCI 3.1 Changes. Jon Bonham, CISA Coalfire System, Inc.

Overview of Contactless Payment Cards. Peter Fillmore. July 20, 2015

Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?

Android pay. Frequently asked questions

}w!"#$%&'()+,-./012345<ya

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

a leap ahead in analog

Chytré karty opět o rok dál...

PCI and EMV Compliance Checkup

Security Analysis of Mobile Payment Systems

A Note on the Relay Attacks on e-passports

Ingenious Systems. Evolute System's. Mobile Payment. Initiative

How Secure are Contactless Payment Systems?

The SmartLogic Tool: Analysing and Testing Smart Card Protocols

The mobile phone as a contactless ticket

Your Mobile Phone as a Ticket (NFC)

AN1305. MIFARE Classic as NFC Type MIFARE Classic Tag. Application note COMPANY PUBLIC. Rev October Document information

Mobile NFC 101. Presenter: Nick von Dadelszen Date: 31st August 2012 Company: Lateral Security (IT) Services Limited

Application of Near Field Communication Technology for Mobile Airline Ticketing

DEVELOPING NFC APPS for BLACKBERRY

permitting close proximity communication between devices in this case a phone and a terminal.

ACR120 Technical Specifications version 2.9 November 2005

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Credit Card Fraud The Contactless Generation Kristin Paget

Workshop: NEAR FIELD COMMUNICATION TECHNOLOGY

EMV and Small Merchants:

Mobile/NFC Standards Landscape Reference Guide

Secure Element Deployment & Host Card Emulation v1.0

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Index. 1-FLYPOS hardware/firmware Technology Overview 2-FLYPOS software architecture 3-Gateway/Acquirer Interface 4-Letters of Approval

Information Security Group (ISG) Core Research Areas. The ISG Smart Card Centre. From Smart Cards to NFC Smart Phone Security

Mobile and Contactless Payment Security

PUF Physical Unclonable Functions

Relay attacks on card payment: vulnerabilities and defences

NFC Based Equipment Management Inventory System

Threat Modeling for offline NFC Payments

Mobile Payment Transactions: BLE and/or NFC? White paper by Swen van Klaarbergen, consultant for UL Transaction Security s Mobile Competence Center

SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT

Analysis of advanced issues in mobile security in android operating system

BGS MOBILE PLATFORM HCE AND CLOUD BASED PAYMENTS

Chip Card & Security ICs Mifare NRG SLE 66R35

Frequently Asked Questions

Secure My-d TM and Mifare TM RFID reader system by using a security access module Erich Englbrecht (info@eonline.de) V0.1draft

APPFORUM2014. Helping the developer community build next-generation, multi-platform apps. SCHAUMBURG, ILLINOIS SEPTEMBER 8-10

How To Attack A Key Card With A Keycard With A Car Key (For A Car)

Banking. Extending Value to Customers. KONA Banking product matrix. is leading the next generation of payment solutions.

EMV-TT. Now available on Android. White Paper by

NFC technology user guide. Contactless payment by mobile

Mobile MasterCard PayPass Testing and Approval Guide. December Version 2.0

Security & Chip Card ICs SLE 44R35S / Mifare

Documentation of Use Cases for NFC Mobile Devices in Public Transport

NFC Tags & Solutions. Understanding Near Field Communication (NFC) Technology. Executive Summary

toast EMV in 2015: How Restaurants Can Prepare for the New Chip-and-Pin Standard

Applying recent secure element relay attack scenarios to the real world: Google Wallet Relay Attack

A MOBILE PAYMENT SYSTEM WITH AN EXTRA TOKEN OF SECURITY Nael Hirzallah 1 and Sana Nseir 2

Transcription:

Relay Attacks in EMV Contactless Cards with Android OTS Devices José Vila, Ricardo J. Rodríguez pvtolkien@gmail.com, rj.rodriguez@unileon.es All wrongs reversed Computer Science and Research Institute of Systems Engineering Dept. Applied Sciences in Cybersecurity University of Zaragoza, Spain University of León, Spain May 28, 2015 Hack in the Box 2015 Amsterdam (Nederland)

About us Pepe Vila Security Consultant at E&Y tw: @cgvwzq http://vwzq.net Dr. Ricardo J. Rodríguez Senior Security Researcher at ULE tw: @RicardoJRodriguez http://www.ricardojrodriguez.es Main research interests </JavaXSScript>and client-side attacks NFC security Android internals Main research interests Security/safety modelling and analysis of ICS Advanced malware analysis NFC security J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 2 / 36

Agenda 1 Introduction 2 Background EMV Contactless Cards Relay Attacks and Mafia Frauds 3 Android and NFC: A Tale of L ve Evolution of NFC Support in Android Practical Implementation Alternatives in Android 4 Relay Attack Implementation Demo experiment Threat Scenarios Resistant Mechanisms 5 Related Work 6 Conclusions J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 3 / 36

Agenda 1 Introduction 2 Background EMV Contactless Cards Relay Attacks and Mafia Frauds 3 Android and NFC: A Tale of L ve Evolution of NFC Support in Android Practical Implementation Alternatives in Android 4 Relay Attack Implementation Demo experiment Threat Scenarios Resistant Mechanisms 5 Related Work 6 Conclusions J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 4 / 36

Introduction to NFC (I) What is NFC? Bidirectional short-range contactless communication technology Up to 10 cm Based on RFID standards, works in the 13.56 MHz spectrum Data transfer rates vary: 106, 216, and 424 kbps J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 5 / 36

Introduction to NFC (I) What is NFC? Bidirectional short-range contactless communication technology Up to 10 cm Based on RFID standards, works in the 13.56 MHz spectrum Data transfer rates vary: 106, 216, and 424 kbps Security based on proximity concern: physical constraints J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 5 / 36

Introduction to NFC (II) Wow! NFC sounds pretty hipster! Two main elements: Proximity Coupling Device (PCD, also NFC-capable device) Proximity Integrated Circuit Cards (PICC, also NFC tags) Three operation modes: Peer to peer: direct communication between parties Read/write: communication with a NFC tag Card-emulation: an NFC device behaves as a tag J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 6 / 36

Introduction to NFC (III) ISO/IEC 14443 standard Four-part international standard for contactless smartcards 1 Size, physical characteristics, etc. 2 RF power and signalling schemes (Type A & B) Half-duplex, 106 kbps rate 3 Initialization + anticollision protocol 4 Data transmission protocol IsoDep cards: compliant with the four parts Example: contactless payment cards J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 7 / 36

Introduction to NFC (IV) ISO/IEC 7816 Fifteen-part international standard related to contacted integrated circuit cards, especially smartcards Application Protocol Data Units (APDUs) J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 8 / 36

Introduction to NFC (V) [Taken from 13.56 MHz RFID Proximity Antennas (http://www.nxp.com/documents/application_note/an78010.pdf)] J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 9 / 36

Introduction to NFC (V) [Taken from 13.56 MHz RFID Proximity Antennas (http://www.nxp.com/documents/application_note/an78010.pdf)] J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 9 / 36

Introduction to NFC (VI) J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 10 / 36

Introduction to NFC (VII) Ok... So, is it secure, right? Right?? J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 11 / 36

Introduction to NFC (VII) Ok... So, is it secure, right? Right?? If it were *so* secure, you would not be staring at us J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 11 / 36

Introduction to NFC (VII) Ok... So, is it secure, right? Right?? If it were *so* secure, you would not be staring at us NFC security threats Eavesdropping Secure communication as solution Data modification (i.e., alteration, insertion, or destruction) Relays Feasible in theory (but requires quite advanced RF knowledge) Forwarding of wireless communication Two types: passive (just forwards), or active (forwards and alters the data) J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 11 / 36

Introduction to NFC (VII) Ok... So, is it secure, right? Right?? If it were *so* secure, you would not be staring at us NFC security threats Eavesdropping Secure communication as solution Data modification (i.e., alteration, insertion, or destruction) Relays Feasible in theory (but requires quite advanced RF knowledge) Forwarding of wireless communication Two types: passive (just forwards), or active (forwards and alters the data) We focus on passive relay attacks J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 11 / 36

Introduction to NFC (VIII) NFC brings cards to mobile devices Payment sector is quite interested in this new way for making payments 500M NFC payment users expected by 2019 Almost 300 smart phones available at the moment with NFC capabilities Check http: //www.nfcworld.com/nfc-phones-list/ Most of them runs Android OS J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 12 / 36

Introduction to NFC (VIII) Research Hypothesis NFC brings cards to mobile devices Payment sector is quite interested in this new way for making payments 500M NFC payment users expected by 2019 Almost 300 smart phones available at the moment with NFC capabilities Check http: //www.nfcworld.com/nfc-phones-list/ Most of them runs Android OS Can a passive relay attack be performed in contactless payment cards, using an Android NFC-capable device? If so, what are the constraints? (whether any exists) J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 12 / 36

Agenda 1 Introduction 2 Background EMV Contactless Cards Relay Attacks and Mafia Frauds 3 Android and NFC: A Tale of L ve Evolution of NFC Support in Android Practical Implementation Alternatives in Android 4 Relay Attack Implementation Demo experiment Threat Scenarios Resistant Mechanisms 5 Related Work 6 Conclusions J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 13 / 36

Background (I) EMV contactless cards Europay, Mastercard, and VISA standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines Authenticating credit and debit card transactions Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/emv) Application ID (AID) command J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 14 / 36

Background (II) MasterCard PayPass, VISA paywave, and AmericanExpress ExpressPay Are they secure? J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 15 / 36

Background (II) MasterCard PayPass, VISA paywave, and AmericanExpress ExpressPay Are they secure? Amount limit on a single transaction Up to 20 GBP, 20, US$50, 50CHF, CAD$100, or AUD$100 J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 15 / 36

Background (II) MasterCard PayPass, VISA paywave, and AmericanExpress ExpressPay Are they secure? Amount limit on a single transaction Up to 20 GBP, 20, US$50, 50CHF, CAD$100, or AUD$100 *cof, cof* (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1) J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 15 / 36

Background (II) MasterCard PayPass, VISA paywave, and AmericanExpress ExpressPay Are they secure? Amount limit on a single transaction Up to 20 GBP, 20, US$50, 50CHF, CAD$100, or AUD$100 *cof, cof* (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1) Sequential contactless payments limited it asks for the PIN Protected by the same fraud guarantee as standard transactions (hopefully) J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 15 / 36

Background (III) Relay attacks On Numbers and Games, J. H. Conway (1976) Mafia frauds Y. Desmedt (SecuriCom 88) P V communication link P V Real-time fraud where a fraudulent prover P and verifier V cooperate J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 16 / 36

Background (III) Relay attacks On Numbers and Games, J. H. Conway (1976) Mafia frauds Y. Desmedt (SecuriCom 88) P V communication link P V Real-time fraud where a fraudulent prover P and verifier V cooperate Honest prover and verifier: contactless card and Point-of-Sale terminal Dishonest prover and verifier: two NFC-enabled Android devices J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 16 / 36

Agenda 1 Introduction 2 Background EMV Contactless Cards Relay Attacks and Mafia Frauds 3 Android and NFC: A Tale of L ve Evolution of NFC Support in Android Practical Implementation Alternatives in Android 4 Relay Attack Implementation Demo experiment Threat Scenarios Resistant Mechanisms 5 Related Work 6 Conclusions J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 17 / 36

Android and NFC: A Tale of L ve (I) Recap on evolution of Android NFC support NFC operation modes supported Software Reader/Writer Peer-to-peer Hardware Card-emulation { Software Reader/Writer Peer-to-peer Card-emulation Hardware Card-emulation { Android 2.3.3 Gingerbread (API level 10) Android 4.2 Jelly Bean (API level 17) Android CyanogenMod OS 9.1 Android 4.4 KitKat (API level 19) NfcA (ISO/IEC 14443-3A) NfcB (ISO/IEC 14443-3B) NfcBarcode IsoPcdA (ISO/IEC 14443-4A) NfcAdapter.ReaderCallback added Ndef IsoDep (ISO/IEC 14443-4) IsoPcdB (ISO/IEC 14443-4B) NfcV (ISO/IEC 15693) NfcF (JIS 6319-4) thanks to Doug Year NdefFormatable MifareClassic MifareUltralight J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 18 / 36

Android and NFC: A Tale of L ve (II) Digging into Android NFC stack Event-driven framework, nice API support Two native implementations (depending on built-in NFC chip) libnfc-nxp libnfc-nci J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 19 / 36

Android and NFC: A Tale of L ve (II) Digging into Android NFC stack Event-driven framework, nice API support Two native implementations (depending on built-in NFC chip) libnfc-nxp libnfc-nci NXP dropped in favour of NCI: Open architecture, not focused on a single family chip Open interface between the NFC Controller and the DH Standard proposed by NFC Forum J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 19 / 36

Android and NFC: A Tale of L ve (III) Digging into Android NFC stack Reader/Writer mode Not allowed to be set directly Android activity Android NFC service selects apps according to tag definition of Manifest file In low-level, libnfc-nci uses reliable mechanism of queues and message passing General Kernel Interface (GKI) Makes communication between layers and modules easier NFC developer framework User App Tag IPC mtagservice.transceive NfcService TagService DeviceHost.TagEndPoint <<realize>> NativeNfcTag JNI dotransceive System NFC Library NativeNfcTag.cpp libnfc-nci J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 20 / 36

Android and NFC: A Tale of L ve (IV) Digging into Android NFC stack HCE mode A service must be implemented to process commands and replies HostApduService abstract class, and processcommandapdu method AID-based routing service table This means you need to declare in advance what AID you handle! J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 21 / 36

Android and NFC: A Tale of L ve (V) Digging into Android NFC stack Summary Description Language(s) Dependency OSS NFC developer framework Java, C++ API level Yes (com.android.nfc package) System NFC library C/C++ Manufacturer Yes (libnfc-nxp or libnc-nci) NFC Android kernel driver C Hardware and manufacturer Yes NFC firmware ARM Thumb Hardware and No (/system/vendor/firmware directory) manufacturer Some useful links https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc/ https://android.googlesource.com/platform/packages/apps/nfc/+/master/src/com/android/nfc https://android.googlesource.com/platform/packages/apps/nfc/+/master/nci/ https://android.googlesource.com/platform/external/libnfc-nci/+/master/src/ http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/ nfc-controller-interface-nci-specifications/ http://www.cardsys.dk/download/nfc_docs/nfc%20controller%20interface%20(nci)%20technical% 20Specification.pdf http://www.datasheet4u.com/pdf/845670/bcm20793s.html http://www.datasheet4u.com/pdf/845671/bcm20793skmlg.html J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 22 / 36

Android and NFC: A Tale of L ve (VI) Some remarkable limitations Limitation 1 Dishonest verifier communicates with a MIFARE Classic libnfc-nci do not allow sending raw ISO/IEC 14443-3 commands Caused by the CRC computation, performed by the NFCC Overcome whether NFCC is modified EMV contactless cards are IsoDep: fully ISO/IEC 14443-compliant J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 23 / 36

Android and NFC: A Tale of L ve (VI) Some remarkable limitations Limitation 1 Dishonest verifier communicates with a MIFARE Classic libnfc-nci do not allow sending raw ISO/IEC 14443-3 commands Caused by the CRC computation, performed by the NFCC Overcome whether NFCC is modified EMV contactless cards are IsoDep: fully ISO/IEC 14443-compliant Limitation 2 Dishonest prover communicates with a honest verifier Device in HCE mode AID must be known in advance Overcome whether device is rooted Xposed framework may help to overcome this issue, but needs root permissions J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 23 / 36

Android and NFC: A Tale of L ve (V) Some remarkable limitations and remarks Limitation 3 Dishonest prover and a dishonest verifier communicate through a non-reliable peer-to-peer relay channel ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 (16/f c ) 2 FWI, 0 FWI 14, where f c = 13.56 MHz J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 24 / 36

Android and NFC: A Tale of L ve (V) Some remarkable limitations and remarks Limitation 3 Dishonest prover and a dishonest verifier communicate through a non-reliable peer-to-peer relay channel ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 (16/f c ) 2 FWI, 0 FWI 14, where f c = 13.56 MHz FWT [500µs, 5s] relay is theoretically possible when delay is 5s Concluding Remarks Any NFC-enabled device running OTS Android 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 24 / 36

Android and NFC: A Tale of L ve (V) Some remarkable limitations and remarks Limitation 3 Dishonest prover and a dishonest verifier communicate through a non-reliable peer-to-peer relay channel ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 (16/f c ) 2 FWI, 0 FWI 14, where f c = 13.56 MHz FWT [500µs, 5s] relay is theoretically possible when delay is 5s Concluding Remarks Any NFC-enabled device running OTS Android 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed Any communication involving a APDU-compliant NFC tag (i.e., MIFARE DESFire EV1, Inside MicroPass, or Infineon SLE66CL) can also be relayed J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 24 / 36

Android and NFC: A Tale of L ve (V) Some remarkable limitations and remarks Limitation 3 Dishonest prover and a dishonest verifier communicate through a non-reliable peer-to-peer relay channel ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 (16/f c ) 2 FWI, 0 FWI 14, where f c = 13.56 MHz FWT [500µs, 5s] relay is theoretically possible when delay is 5s Concluding Remarks Any NFC-enabled device running OTS Android 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed Any communication involving a APDU-compliant NFC tag (i.e., MIFARE DESFire EV1, Inside MicroPass, or Infineon SLE66CL) can also be relayed And now, let s move to the practice J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 24 / 36

Agenda 1 Introduction 2 Background EMV Contactless Cards Relay Attacks and Mafia Frauds 3 Android and NFC: A Tale of L ve Evolution of NFC Support in Android Practical Implementation Alternatives in Android 4 Relay Attack Implementation Demo experiment Threat Scenarios Resistant Mechanisms 5 Related Work 6 Conclusions J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 25 / 36

Relay Attack Implementation (I) Experiment configuration PoS device: Ingenico IWL280 with GRPS + NFC support Android app developed (±2000 LOC) Two OTS Android NFC-capable devices One constraint only: dishonest prover must run an Android 4.4 J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 26 / 36

Relay Attack Implementation (I) Experiment configuration PoS device: Ingenico IWL280 with GRPS + NFC support Android app developed (±2000 LOC) Two OTS Android NFC-capable devices One constraint only: dishonest prover must run an Android 4.4 J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 26 / 36

Relay Attack Implementation (II) Threat Scenarios Scenario 1 Distributed Mafia Fraud BOT BOT BOT BOT BOT BOTMASTER BOT J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 27 / 36

Relay Attack Implementation (III) Threat Scenarios Scenario 2 Hiding Fraud Locations J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 28 / 36

Relay Attack Implementation (IV) Resistant Mechanisms Brief summary of resistant mechanisms Distance-bounding protocols Upper bounding the physical distance using Round-Trip-Time of cryptographic challenge-response messages Timing constraints Not enforced in current NFC-capable systems The own protocol allows timing extension commands Physical countermeasures Whitelisting/Blacklisting random UID in HCE mode unfeasible RFID blocking covers Physical button/switch activation Secondary authentication methods (e.g., on-card fingerprint scanners) J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 29 / 36

Agenda 1 Introduction 2 Background EMV Contactless Cards Relay Attacks and Mafia Frauds 3 Android and NFC: A Tale of L ve Evolution of NFC Support in Android Practical Implementation Alternatives in Android 4 Relay Attack Implementation Demo experiment Threat Scenarios Resistant Mechanisms 5 Related Work 6 Conclusions J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 30 / 36

Related Work On relay attacks 2005-2009 First works built on specific hardware 2010 Nokia mobile phones with NFC capability plus a Java MIDlet app 2012-2013 Relay attacks on Android accessing to Secure Elements A SE securely stores data associated with credit/debit cards Needs a non-ots Android device 2014 Active relay attacks with custom hardware and custom Android firmware Several works studied delay upon relay channel: Relay over long distances are feasible latency isn t a hard constraint Ask us for *specific* references, too many names for a single slide! J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 31 / 36

Agenda 1 Introduction 2 Background EMV Contactless Cards Relay Attacks and Mafia Frauds 3 Android and NFC: A Tale of L ve Evolution of NFC Support in Android Practical Implementation Alternatives in Android 4 Relay Attack Implementation Demo experiment Threat Scenarios Resistant Mechanisms 5 Related Work 6 Conclusions J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 32 / 36

Conclusions (I) Security of NFC is based on the physical proximity concern NFC threats: eavesdropping, data modification, relay attacks Android NFC-capable devices are rising Abuse to interact with cards in its proximity J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 33 / 36

Conclusions (I) Security of NFC is based on the physical proximity concern NFC threats: eavesdropping, data modification, relay attacks Android NFC-capable devices are rising Abuse to interact with cards in its proximity Conclusions Review of Android NFC stack Proof-of-Concept of relay attacks using Android OTS devices Threat scenarios introduced J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 33 / 36

Conclusions (I) Security of NFC is based on the physical proximity concern NFC threats: eavesdropping, data modification, relay attacks Android NFC-capable devices are rising Abuse to interact with cards in its proximity Conclusions Review of Android NFC stack Proof-of-Concept of relay attacks using Android OTS devices Threat scenarios introduced Virtual pickpocketing attack may appear before long! J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 33 / 36

Conclusions (II) But then, what the hell can I do?? Should I run away? J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 34 / 36

Conclusions (II) But then, what the hell can I do?? Should I run away? J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 34 / 36

Conclusions (II) But then, what the hell can I do?? Should I run away? J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 34 / 36

Conclusions (III) Future Work Develop/// ////////// a botnet////////////////// infrastructure///// and/////// earn///////// money Timing constraints of Android HCE mode Try active relay attacks within EMV contactless cards Acknowledgments Spanish National Cybersecurity Institute (INCIBE) University of León under contract X43 HITB staff J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 35 / 36

Conclusions (III) Future Work Develop/// ////////// a botnet////////////////// infrastructure///// and/////// earn///////// money Timing constraints of Android HCE mode Try active relay attacks within EMV contactless cards Acknowledgments Spanish National Cybersecurity Institute (INCIBE) University of León under contract X43 HITB staff And thanks to all for hearing us! Visit http://vwzq.net/relaynfc for more info about the project J. Vila, R. J. Rodríguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITB 15 AMS 35 / 36

Relay Attacks in EMV Contactless Cards with Android OTS Devices José Vila, Ricardo J. Rodríguez pvtolkien@gmail.com, rj.rodriguez@unileon.es All wrongs reversed Computer Science and Research Institute of Systems Engineering Dept. Applied Sciences in Cybersecurity University of Zaragoza, Spain University of León, Spain May 28, 2015 Hack in the Box 2015 Amsterdam (Nederland)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information