NFC attacks
By Peter Swedin
www.omegapoint.us
This presentation was made possible by the awesome research of
• Charlie Miller (Twitter sec team, Accuvant)
• Verdult & Kooman (Radboud University, SURFnet)
• Eddie Lee (Blackwing Intelligence)
What is NFC?
• Set of communication protocols based on RFID (basically all of the RFID standards plus P2P instructions)
• Operates at a frequency of 13.56 MHz
• Range is usually less than 4 cm
• Narrow bandwidth (106, 212, 424 kbit/s)
Active Vs. Passive
• Active, P2P
  – Both devices generate their own fields
• Passive (backwards compatible mode)
  – Initiating device generates the carrier field
  – Target device modulates the existing field
Many usages
Android
Android Beam
Android Beam marketing buzz
• This is one of the most admired features of the android 4.0 ice cream sandwich update!
• The users can now share music, docs, videos, and photos just in a single tap!
• No need to pair the devices before exchanging the data, the new ICS had made it absolutely trouble-free!
Absolutely trouble-free
Smart poster
Remote shell
Bluetooth pairing(!)
Use NFC to pair with a Bluetooth speaker
Nokia N9 Bluetooth pairing
• Absolutely trouble free
• Pair devices without user interaction
• No need for PIN/Pwd
• Does not have "Confirm sharing and connecting" enabled
• Bluetooth doesn't even have to be turned on. It will be switched on for you
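One way a receiving device could put the tag-triggered actions from these slides (smart poster, URI, Bluetooth pairing) behind a confirmation step instead of acting on a tap. This is an added example, not code from the presentation or from any phone vendor; the record layout follows the NFC Forum NDEF format, while the policy table, function names and sample tags are assumptions constructed for illustration.

```python
import struct

# (TNF, type) pairs that make a phone act on a tag; which ones need a prompt is an assumed policy.
CONFIRM = {
    (0x01, b"Sp"): "smart poster",
    (0x01, b"U"): "URI",
    (0x02, b"application/vnd.bluetooth.ep.oob"): "Bluetooth pairing",
}

def parse_ndef(msg: bytes):
    """Return [(tnf, type, payload)] for the records of one NDEF message."""
    records, pos = [], 0
    while pos < len(msg):
        hdr, type_len = msg[pos], msg[pos + 1]
        pos += 2
        if hdr & 0x20:                       # CF: chunked record
            raise ValueError("chunked records are not handled here")
        if hdr & 0x10:                       # SR: 1-byte payload length
            payload_len = msg[pos]
            pos += 1
        else:                                # otherwise 4 bytes, big-endian
            (payload_len,) = struct.unpack_from(">I", msg, pos)
            pos += 4
        id_len = 0
        if hdr & 0x08:                       # IL: ID length byte present
            id_len = msg[pos]
            pos += 1
        end = pos + type_len + id_len + payload_len
        if end > len(msg):
            raise ValueError("record runs past the end of the message")
        records.append((hdr & 0x07, msg[pos:pos + type_len], msg[pos + type_len + id_len:end]))
        pos = end
        if hdr & 0x40:                       # ME: last record of the message
            break
    return records

def triage(msg: bytes):
    """Decide per record; malformed input is rejected, nothing is auto-dispatched."""
    try:
        records = parse_ndef(msg)
    except (ValueError, IndexError, struct.error):
        return [("malformed", "reject")]
    return [(CONFIRM.get((tnf, rtype), "other"),
             "ask user" if (tnf, rtype) in CONFIRM else "no action")
            for tnf, rtype, _ in records]

# Constructed samples: a URI record and a Bluetooth out-of-band pairing record.
URI_TAG = bytes([0xD1, 1, 12]) + b"U" + b"\x01example.com"
BT_TYPE = b"application/vnd.bluetooth.ep.oob"
BT_TAG = bytes([0xD2, len(BT_TYPE), 8]) + BT_TYPE + b"\x08\x00" + bytes(6)
```

Both sample tags come back as "ask user", and a truncated tag is rejected before any handler sees it.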
Eddie Lee’s NFC proxy
• Android app to skim RFID credit cards
• Using the app, an attacker can steal the CC number, expiration date and CVV code
• Replay this info to an RFID-enabled POS device
NFC Proxy
Links
• NFC Proxy (Tool and Source): http://sourceforge.net/p/nfcproxy/
• Charlie Miller – NFC Attack Surface: http://ia600505.us.archive.org/30/items/Defcon20Slides/DEFCON-20-Miller-NFC-Attack-Surface.pdf
• Verdult & Kooman – Practical attacks: http://www.cs.ru.nl/~rverdult/Practical_attacks_on_NFC_enabled_cell_phones-NFC_2011.pdf
• Eddie Lee – NFC Hacking The Easy Way: http://www.blackwinghq.com/assets/labs/presentations/EddieLeeDefcon20.pdf
The End
Peter at omegapoint dot us