Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review

32 Scopus Citations
View graph of relations

Author(s)

Detail(s)

Original languageEnglish
Title of host publicationInternational Conference for Internet Technology and Secured Transactions, ICITST 2009
Publication statusPublished - 2009
Externally publishedYes

Conference

TitleInternational Conference for Internet Technology and Secured Transactions, ICITST 2009
PlaceUnited Kingdom
CityLondon
Period9 - 12 November 2009

Abstract

In this paper we investigate the possibility that a Near Field Communication (NFC) enabled mobile phone, with an embedded Secure Element (SE), could be used as a mobile token cloning and skimming platform. We show how an attacker could use a NFC mobile phone as such an attack platform by exploiting the existing security controls of the embedded SE and the available contactless APIs. To illustrate the feasibility of these actions we also show how to practically skim and emulate certain tokens typically used in payment and access control applications with a NFC mobile phone. Although such attacks can also be implemented on other contactless platforms, such as custom-built card emulators and modified readers, the NFC-enabled mobile phone has a legitimate form factor, which would be accepted by merchants and arouse less suspicion in public. Finally, we propose several security countermeasures for NFC phones that could prevent such misuse. Copyright © 2009 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved.

Citation Format(s)

Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms. / Francis, Lishoy; Hancke, Gerhard; Mayes, Keith et al.
International Conference for Internet Technology and Secured Transactions, ICITST 2009. 2009. 5402513.

Research output: Chapters, Conference Papers, Creative and Literary WorksRGC 32 - Refereed conference paper (with host publication)peer-review