On the security issues of NFC enabled mobile phones

Lishoy Francis; Gerhard Hancke; Keith Mayes; Konstantinos Markantonakis

doi:10.1504/IJITST.2010.037408

Author(s)

Lishoy Francis
Gerhard Hancke
Keith Mayes
Konstantinos Markantonakis

Detail(s)

Original language	English
Pages (from-to)	336-356
Journal / Publication	International Journal of Internet Technology and Secured Transactions
Volume	2
Issue number	3-4
Online published	6 Dec 2010
Publication status	Published - 2010
Externally published	Yes

Link(s)

DOI	DOI https://doi.org/10.1504/IJITST.2010.037408 Final Published version
	Check@CityULib
Link to Scopus	https://www.scopus.com/record/display.uri?eid=2-s2.0-84860689367&origin=recordpage
Permanent Link	https://scholars.cityu.edu.hk/en/publications/publication(3f9ef1a1-e7a0-4925-8d9c-9993b4917138).html

Abstract

In this paper, we investigate the possibility that a Near Field Communication (NFC) enabled mobile phone, with an embedded secure element (SE), could be used as a mobile token cloning and skimming platform. We show how an attacker could use an NFC mobile phone as such an attack platform by exploiting the existing security controls of the embedded SE and the available contactless APIs. To illustrate the feasibility of these actions, we also show how to practically skim and emulate certain tokens typically used in payment and access control applications with a NFC mobile phone. We also discuss how to capture and analyse legitimate transaction information from contactless systems. Although such attacks can also be implemented on other contactless platforms, such as custom-built card emulators and modified readers, the NFC enabled mobile phone has a legitimate form factor, which would be accepted by merchants and arouse less suspicion in public. Finally, we propose several security countermeasures for NFC phones that could prevent such misuse. Copyright © 2010 Inderscience Enterprises Ltd.

Research Area(s)

Cloning attack, Countermeasures, Near Field Communication, NFC, NFC enabled mobile phones, SE, Secure element, Security threats, Skimming attack

Citation Format(s)

[ RIS ] [ BibTeX ]

On the security issues of NFC enabled mobile phones. / Francis, Lishoy; Hancke, Gerhard; Mayes, Keith et al.
In: International Journal of Internet Technology and Secured Transactions, Vol. 2, No. 3-4, 2010, p. 336-356.

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

Francis, L, Hancke, G, Mayes, K & Markantonakis, K 2010, 'On the security issues of NFC enabled mobile phones', International Journal of Internet Technology and Secured Transactions, vol. 2, no. 3-4, pp. 336-356. https://doi.org/10.1504/IJITST.2010.037408

Francis, L., Hancke, G., Mayes, K., & Markantonakis, K. (2010). On the security issues of NFC enabled mobile phones. International Journal of Internet Technology and Secured Transactions, 2(3-4), 336-356. https://doi.org/10.1504/IJITST.2010.037408

Francis L, Hancke G, Mayes K, Markantonakis K. On the security issues of NFC enabled mobile phones. International Journal of Internet Technology and Secured Transactions. 2010;2(3-4):336-356. Epub 2010 Dec 6. doi: 10.1504/IJITST.2010.037408

Francis, Lishoy ; Hancke, Gerhard ; Mayes, Keith et al. / On the security issues of NFC enabled mobile phones. In: International Journal of Internet Technology and Secured Transactions. 2010 ; Vol. 2, No. 3-4. pp. 336-356.