NFC Payments: The Art of Relay & Replay Attacks

Relay and replay attacks are more prevalent in the payment industry than ever, becoming more complex and sophisticated by the day. We are not just seeing simple skimming techniques but complex attack vectors that are a combination of technologies and implementations involving SDR, NFC, APDU, hardware emulation design, specialized software, tokenization protocols and social engineering.

In this talk we will discuss what exactly relay and replay attacks are, what kind of hardware and software is used. Also we will talk about how anyone already has the hardware necessary to carry out one of these attacks or for $35 dollars someone can create a device to do so. We will show real scenarios where these technologies combined with RFID emulation can be used to exploit any type of NFC transaction. But even worse, how the same attack methods could exploit new NFC implementations for years to come.

In the last few years digital payment methods have had an incredible adoption rate in consumer devices around the world. Many big companies are adding NFC(Near Field Communication) support to all sorts of devices to allow consumers to make monetary transactions. Some of these companies are protecting themselves by implementing tokenization as part of the payment technology. However it is well documented that it is possible to bypass these technologies using simple mechanisms. With all these changes in the NFC ecosystem, the information security field is not well prepared to protect against the increasing new attacks in this area.

Relay and replay attacks are becoming more common in the payment industry. Getting more complex and sophisticated day by day. We are not just seeing simple skimming techniques but complex attack vectors that are a combination of technologies and implementations involving SDR, NFC, APDU, hardware emulation design, specialized software, tokenization protocols and social engineering.

In this talk, we will discuss what these attacks are, or what kind of hardware or software could be implemented. Adding that we will show real scenarios where these technologies combined with RFID emulation could exploit any type of NFC transaction. But even worse, how the same attack methods could exploit new NFC implementations for years to come.

This talk uses exploitation hardware and demos; the presentation will include SDR communication, RFID emulation, APDU communication, extraction of data from physical and digital cards.

Outline

1.- Intro to terminology This section will explain some concepts and details related to RFID/NFC technologies along with EMV transaction framework implementing flow-charts.

2.- What is NFC? This will detail how RFID works and how how it handles the transaction connections. We will explain how the terminal implements the tokens and the process to make the transaction.

3.- Previous Researches and cases from the ‘wild’ We will detail previous investigations and the limit of their scopes.

4.- NFC Emulation Emulation is a technique that it is not very well documented. We will explain, in detail how anyone could create a cheap device to emulate a contactless card using a low cost RFID reader; we are showing that for about $35 dollars anyone can carry out NFC emulator for a replay attack, or for $70, anyone could design a NFC proxy for relay attacks.

5.- Replay attacks We will discuss how an RFID can be interchanged between reader mode to emulator mode to perpretate an attack.

6.- Relay attacks We will discuss how two RFID devices share information in real-time to make a relay attack implementing SDR.

7.- Future research opportunities This section will explain how these attacks could be integrated to attack new technologies in the future: for example how NFC technology could be used to open a car door.

8.- Conclusions Implementations of NFC are likely to be affected for years to come. You already have the equipment to start doing this, a mobile phone can be used as a simple sniffer, a $70 device can be created to be carry out a relay attack. EMV and tokenization failings: EMV was implemented as a way to provide strong transaction security. Adoption of contactless (PayWave/PayPass) forms of payment have introduced weaknesses into this technology.