1. Near Field Communications
Security Concerns and NFCProxy
Shane Turner
Master of Science in Information Security
68-595 Information Security Practicum
Lewis University
April 22, 2013
2. NFC Security - Introduction
Near Field Communication (NFC)
• NFC is a short range wireless technology that allows communications to take
place between devices that either touch or are momentarily held close
together.
• Frequency 13.56Mhz
• Subset of RFID
• Range – usually less than 4cm
• Narrow Bandwidth (106 to 424 Kbits/s)
• Patented in 1983, ISO 14443 and ISO 7816
• First phone to use NFC – Nokia 6131
• Nokia, Sony and Phillips formed the NFC Forum
3. NFC Security – How is NFC Used ?
Uses for NFC Technology
• Digital Wallet (i.e. Google Wallet)
• Expect NFC smartphones to account for about 50 percent of the phone marketplace by 2014 [source: Popular
Science]
• Info Tags or Smart Tags
• A system called Personal Rosetta Stone that lets cemetery visitors pull information from chip-laden headstones
to read the life stories and obituaries of the deceased [source: Rosetta Stone].
• Movies Posters embedded with NFC chips will be able to link the user to the movie trailer or coupons that
could be used at the theater.
• Gentags
• Diagnostic skin tags that are affixed directly to the patient. These tags can monitor temperature, glucose levels
or ultraviolet light exposure and then send pertinent health information directly to a smartphone.
4. NFC Security – How is NFC Used ?
Uses for NFC Technology
• NFC in your Car
• Car companies are using NFC technology for proximity sensors that allow you to unlock your car
• Push button start in cars as long as your NFC device is in the car.
• Hotels
• NFC chips are embedded into devices that will unlock the door to your hotel room.
• At Work
• NFC Devices used as access control devices allowing or disallowing access into secure areas.
5. NFC Security – How is NFC Used ?
Uses for NFC Technology
• Virtual press kits and business cards (http://www.tapmy.biz/)
• Smartphones
• Information points such as posters
• Speakers, Headphones, various music players
• Cameras
• TV
• Appliances
• Computers
• Smart Meters for Utilities Companies
• Digital bubble gum machine
• Heart Monitor
• Wii U
• Public Transportation
6. NFC Security – Advantages of NFC
What are the Advantages of NFC?
• Augmented Shopping Experience
• Many Tech Companies are getting on board
• Other companies – McDonalds, Toys-R-Us, CVS, Home Depot, Radio Shack, Office Max,
Walgreens, Sports Authority and many other retailers
• Quick and Easy access
• Improved Customer Service
• Real Time Updates
• Versatility
• Safety
7. NFC Security – Risks
What are the Security Risks of NFC?
• Sensitive Financial Data
• Data confidentiality
• Eavesdropping
• Data Corruption
• Viruses
• Man-in-the-middle
• Lack of Education
• Theft
9. NFC Security – NFCProxy
What is NFCProxy?
• Proof of Concept Tool for Pentesters
• Demonstrates insecurities in near field communication and contactless credit cards.
• Demonstrated by Eddie Lee @ Defcon 20 (Security Researcher @ BlackWing Intelligence)
• Software developed by Igor Miladinovic.
• Useful in NFC protocol analysis for further NFC security research.
• Project was to create a pentest tool that could analyze RFID protocols and
proxy transactions using Android phones.
• Proxy transactions, Save transactions, Export transactions, PCD relay and Tag
relay
10. NFC Security – NFCProxy Architecture
Architecture
NFCProxy
Normal
List of Acronyms
• APDU - Application Protocol Data Unit
• NFC – Near Field Communications
• PCD - Proximity Coupling Device
• POS - Point of Sale
11. NFC Security – NFCProxy Hardware
NFCProxy Hardware
• A Proximity Coupling Device (PCD) such as one made by VivioPay
• Two Android smartphones with NFC capabilities. For example; Galaxy S3,
Nexus S or Galaxy Nexus.
• A contactless credit card.
12. NFC Security – NFCProxy Software
NFCProxy Software
• NFCProxy which can be found at soundforge.net
• CyanogenMod – custom ROM found at cyanogenmod.org
• Must be installed on smartphone used for Proxy Mode
• Android version 2.3 (Gingerbread) or newer running on the smartphones.
13. NFC Security – NFCProxy Setup
NFCProxy Setup
• Must have a Wi-Fi connection to transport data.
• Download and install NFCProxy Software to both smartphones.
• Configure Wi-Fi Connection between phones.
• Have PCD unit powered on.
14. NFC Security – NFCProxy - Proxy Mode
Proxy Mode
• Set up the smartphone (not running Cyanogen) in Relay mode near the credit
card you want to use for a transaction.
• Go to the other smartphone that is running the Cyanogen custom ROM and
ensure NFCProxy is running in Proxy mode.
• Relay mode opens up a network socket and waits for a network connection
from the other device running NFCProxy in proxy mode.
• With the Relay Mode smartphone, place it near the contactless credit card
until NFCProxy displays the credit card information on the screen.
• Now send the information to the smartphone running in Proxy Mode.
• With the smartphone running in Proxy Mode swipe the phone in front of the
PCD and you should hear an alert and see green light upon a successful
transaction.
15. NFC Security – NFCProxy Credit Card Data
Credit Card Data
Credit Card Data Successful Transaction
16. NFC Security – NFCProxy - Proxy Mode
NFC
NFCWiFi (IP)
Proxy
Mode
Set to
REPLAY
Mode
Set to
PROXY Mode
APDU
APDU
17. NFC Security – NFCProxy – Relay Mode
Relay Mode
• Use smartphone running Cyanogen ROM
• Open NFCProxy and set it in Replay mode.
• Scan RFID credit card and acquire the information on card.
• Long click on the credit card information on the screen and then select the
“REPLAY TAG” option at the top of the phone
• You should then see a letter “T” at the top of the screen.
• Place the smartphone in front of the credit card reader.
• Credit Card reader should light up and beep if there is a successful transaction
18. NFC Security – NFCProxy - Relay Mode
NFC
NFC
Relay
Mode APDU
APDU
Set to
Relay Mode
Walk to PCD
19. NFC Security – NFCProxy Discussion
Discussion / Lessons Learned
• Both phones must be rooted
• Need correct tools to complete this process
• Install correct version Cyanogen Mod
• Most current version is now working
• Point of Sale devices like the PCD units are easy to acquire
• Able to acquire on EBay (VivioPay 4000 & VivioPay 4500)
• Local Wi-Fi connections easy to set up, long distance connection - some advanced
networking skills needed (VPN knowledge)
• Acquiring an RFID credit Card.
• Visa - PayPass
• Built in security from credit card companies
• Attempts to scan the card out of sequence the card will be deactivated.
20. NFC Security – Vulnerabilities in Detail
Vulnerabilities
• Credit Card skimming using NFCProxy
• Identity Theft
• Financial ruin
• Malware
• Know Malware programs
• End of July 2012 – 5,000
• End of September 2012 - 51,500
• End of 2012 - 283,000
• Scanning of malicious NFC tags
• Can transfer your data if compromised
• 25% or 25,000,000 Android Devices are infected
21. NFC Security – Vulnerabilities in Detail
Vulnerabilities Continued
• Google Apps
• 75% of malware-infected apps downloaded from Google Play [McAfee Mobile Security]
• One-in-six chance of downloading a risky app
• ¼ of these apps contain both malware and a suspicious URL capable of
• Click fraud
• Phishing schemes
• McAfee Labs - found that 40% of malware misbehaved in a complex way
• Hard to detect
• Take advantage of specific technology (NFC)
22. NFC Security – Mitigating NFC Security Risks
Mitigations
• Needs to be a team effort – Proactive not Reactive
• NFC Forum Members
• Consumers
• Application Developers
• Manufactures
• Turn NFC off
• Do not use RFID credit Cards
• Virus Protection on Smartphone
• Use trusted / certified apps only