nfc payments the art of relay replay attacks who am i
play

NFC Payments: The Art of Relay & Replay Attacks Who am I? - PowerPoint PPT Presentation

Jul 05, 2023 •325 likes •1.07k views

NFC Payments: The Art of Relay & Replay Attacks Who am I? Security Researcher Samsung Pay Exploiting Mag-stripe info with Bluetooth audio Co-founder of Women in Tech Fund @Netxing (WomenInTechFund.org) Content

  1. NFC Payments: The Art of Relay & Replay Attacks

  2. Who am I? ● Security Researcher ○ Samsung Pay ○ Exploiting Mag-stripe info with Bluetooth audio ● Co-founder of “Women in Tech Fund” @Netxing (WomenInTechFund.org)

  3. Content ● Relay Attack ● Intro to NFC ● Extracting Chip’s ● EMV Flow Process Data with NFC ● Fraud Vector ● Relay for Replay ● Previous Work ● New Technology ● NFC Emulation ● Replay Attack

  4. NFC Technology

  5. RFID Spectrum (Radio Frequency Identification) NFC

  6. NFC Technology ● 13.56MHz ● Passive mode ● Widely implemented ● ISO-14443A

  7. NFC Technology

  8. NFC Transaction (SE) 1/2 Terminal: 00A404000E325041592E5359532E444446303100 # Select (PPSE)2PAY.SYS.DDF01 Fitbit: 6f5d840e325041592e5359532e4444463031a54bbf0c48611a4f07 a0000000031010 8701 019f2a010342034650985f55025553611a4f07a00000009808408701029f2a0103420346 50985f55025553610e4f09 a0000000980840 00018701039000 ---------- Terminal: 00A4040007 A0000000031010 00 # Select AID Fitbit: 6f4f8407a0000000031010a544 9f38 1b9f66049f02069f03069f1a0295055f2a029a039c01 9f37049f4e14bf0c179f4d02140042034650985f550255539f5a051108400840500a56495 3412044454249549000 ---------- ...

  9. NFC Transaction (SE) 2/2 Terminal: 80A80000378335B2804000000000000100000000000000084000000000000840180217 00CAEE4758000000000000000000000000000000000000000000 #Get processing Fitbit: 776282020040940418010100 9f36 02000b 9f26 08 e631e8efb623e1a4 9f10201f4a040120 0000000010077056000000004000000000000000000000000000009f6c020080 57 13 465 0982981603487d24032010000000909999f 9f6e04248800009f2701809000 ---------- Terminal: 00B2011C00 #Leer SFI(Short File Identifier) Fitbit: 70375f280208409f0702c0809f19060400100770565f340100 9f24 1d 56303031303031353 83137323434303738373336393131383738373235 9000 # Payment Account Reference (PAR)

  10. EMV Flow Process Verify Cardholder Detect Card & Reset Online/Offline Processing Card answers List Applications Restrictions? processing Completed Select Applications Manage Risk Transaction Terminal -> Actions Get Data Authenticate Data Card -> Actions

  11. Tokenization Process

  12. Tokenization Process

  13. Secure Element(SE) & Host Card Emulation(HCE)

  14. SE & HCE Secure Element Host Card Emulation ● More than 20 years of ● Limited use keys development ● Tokenization process ● Smart Card ● Cloud cryptogram ● Restricted Access ● Transaction risk analysis ● Self Encryption

  15. NFC - Fraud Vector

  16. Motivations ● Low limits/but higher in other countries ● No additional cardholder verification ● From banks perspective, the fraud is considered an accepted risk ● NFC embedded in many IoT devices

  17. Attacks in the Wild

  18. Previous Work

  19. Replay Attack(MasterCard) - 2013 https://www.usenix.org/system/files/conference/woot13/woot13-roland.pdf

  20. Replay Attack(Visa) - 2015 77 60 82 02 20 40 9f 36 02 00 06 9f ... 77 60 82 02 00 80 ... “Turn the magstripe bit on (set AIP bytes to 0x0080)” https://www.blackhat.com/docs/us-15/materials/us-15-Fillmore-Crash-Pay-How-To-Own-And-Clone-Contactless-Payment-Devices.pdf

  21. Previous Work DEFCON 25: Man in the NFC ● 2 Boards(Client & Server) ● SDR Support ● Private Prototype ● Special Design https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Haoqi-Shan-and-Jian-Yuan-Man-in-the-NFC.pdf

  22. NFC Emulation

  23. NFC Emulation + Acr122u (PN532) https://salmg.net/2017/12/11/acr122upn532-nfc-card-emulation/

  24. NFC Emulation

  25. NFC Emulation RFIDIOt Library: https://github.com/AdamLaurie/RFIDIOt/

  26. NFC Emulation https://github.com/AdamLaurie/RFIDIOt/blob/master/pn532emulate.py

  27. Replay Attack

  28. Replay Attack NFC Token

  29. NFCopy Project

  30. NFCopy Project

  31. NFCopy Project

  32. NFCopy Project Raspberry Pi Zero Acr122 USB NFC Reader LiPo 3.7v 500mAh ZERO-LiPO

  33. NFCopy Characteristics ● Portable ● NFC Reader/Emulator ● WiFi Connectivity ● Customizable

  34. Replay - Demo

  35. Relay Attack

  36. Relay Scenario

  37. Relay Attack Inconvenients: Delays and Timeouts FDT = Frame Delay Time FWT = Frame Waiting Time WTX = Frame Waiting Time Extension “EMV specifies a limit of 500ms per transaction as a whole. However , a payment terminal is not required to interrupt a transaction if it takes longer.”

  38. Centinelas Project ● Raspberry Pi ● ZERO-LiPO ● Acr122 USB NFC Reader ● LiPo 3.7v 500mAh ● ZERO-LiPO ● CC1101 Transceiver

  39. Relay Attack: CC1101 Transceiver Price: $5 Frequencies(MHz): ● 315 ● 433 ● 868 ● 915 Modulations: ● GFSK(Default) ● MSK ● OOK

  40. Relay Attack: CC1101 & Raspberry Pi Dependencies: ● WiringPi(http://wiringpi.com/) ● Library: https://github.com/SpaceTeddy/CC1101

  41. Relay Attack: CC1101 & Raspberry Pi https://salmg.net/2017/09/20/cc1101-transceiver-raspberry-pi/

  42. Preparing a Relay Attack APDUs on Radio https://github.com/SpaceTeddy/CC1101

  43. Preparing Packet Payloads 77 60 82 02 20 40 9f 36 02 00 06 9f 26 08 05 81 c8 11 14 17 25 ba 9f 10 20 1f 4a 01 32 a0 00 00 00 00 10 03 02 73 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5f 34 01 00 9f 6c 02 00 80 57 13 41 36 93 00 20 39 02 71 d2 31 22 01 00 00 05 12 99 99 5f 9f 6e 04 23 88 00 00 9f 27 01 80 90 00 = Length 200 Chunks <= 60 bytes 77 60 82 02 20 40 9f 36 02 00 06 9f 26 08 05 81 c8 11 14 17 25 ba 9f 10 20 1f 4a 01 32 a0 Payload 1 Payload 2 00 00 00 00 10 03 02 73 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5f 34 01 00 9f 6c 02 00 80 57 13 41 36 93 00 20 39 02 71 d2 31 22 01 00 00 05 12 99 99 5f 9f 6e 04 Payload 3 Payload 4 23 88 00 00 9f 27 01 80 90 00

  44. Centinelas Characteristics ● 2 x NFC Readers/Emulators ● WiFi Connectivity ● Customizable ● Cheap ● SDR Support

  45. Relay - Demo

  46. Extracting Data from a Chip- And-Pin Card with NFC

  47. Extracting Chip-&-Pin EMV Data with NFC

  48. Extracting Chip-&-Pin EMV Data with NFC Raspberry Pi LiPo 3.7v 500mAh USB Smart Card Reader SCR3310V2 ZERO-LiPO CC1101 Transceiver

  49. Extracting EMV Data with NFC Demo

  50. Relay for Replay(RFR)

  51. NFC Fitbit Ionic Transaction (SE) 1/2 PoS: 00A404000E325041592E5359532E444446303100 # Select (PPSE)2PAY.SYS.DDF01 Fitbit: 6f5d840e325041592e5359532e4444463031a54bbf0c48611a4f07 a0000000031010 8701 019f2a010342034650985f55025553611a4f07a00000009808408701029f2a0103420346 50985f55025553610e4f09 a0000000980840 00018701039000 ---------- PoS: 00A4040007 A0000000031010 00 # Select AID Fitbit: 6f4f8407a0000000031010a544 9f38 1b9f66049f02069f03069f1a0295055f2a029a039c01 9f37049f4e14bf0c179f4d02140042034650985f550255539f5a051108400840500a56495 3412044454249549000 ---------- ...

  52. NFC Fitbit Ionic Transaction (SE) 2/2 PoS: 80A80000378335B2804000000000000100000000000000084000000000000840180217 00CAEE4758000000000000000000000000000000000000000000 #Get processing Fitbit: 776282020040940418010100 9f36 02 000b9f26 08 e631e8efb623e1a4 9f10201f4a040120 0000000010077056000000004000000000000000000000000000009f6c020080 57 13 465 0982981603487d24032010000000909999f 9f6e04248800009f2701809000 ---------- PoS: 00B2011C00 #Read SFI(Short File Identifier) file Fitbit: 70375f280208409f0702c0809f19060400100770565f340100 9f24 1d 56303031303031353 83137323434303738373336393131383738373235 9000 # Payment Account Reference (PAR)

  53. Relay for Replay(RFR) Challenge? Saved Cryptogram Declined! APDUer

  54. Relay for Replay(RFR) 776282020040940418010100 9f36 02 XXXX9f26 08 XXXXXXXXXXXXXXXX 9F10 201F4A280120000000001007705600000000400000000000000000000000000 0009F6C02008057134006884501032133D2409201000000 The ATC and Cryptogram are the only tags that change in each transaction

  55. Relay for Replay(RFR) 7762820200409404180101009f3602 ATC 9f2608 Cryptogram 9F10201F4A28012000000 00010077056000000004000000000000000000000000000009F6C02008057134006884 501032133D2409201000000 ATC/Cryptogram 20 Bytes Smart Relay: transmitting the new ATC and Cryptogram only

  56. Saved Transaction - Centinela 1 RFRFITBIT = [ '6F23840E325041592E5359532E4444463031A511BF0C0E610C4F07A000000003101087010190 00', '6F468407A0000000031010A53B9F381B9F66049F02069F03069F1A0295055F2A029A039C019 F37049F4E14BF0C0D9F4D0214009F5A051108400840500B56495341204352454449549000', '776282020040940418010100 9f36 02', '9F10201F4A2801200000000010077056000000004000000000000000000000000000009F6C020 08057134006884501032133D2409201000000', '70375F280208409F0702C0009F19060400100770565F3401009F241D563030313030313338313 63237383031313132373538363934333937319000']

  57. First Phase PoS PPSE Computer 1 AID Visa AID? SFI... Challenge? Challenge? ATC/Cryptogram Yes Computer 2 Second Phase Challenge? Get Cryptogram ATC/Cryptogram SE & Check SFI Transmit it

  58. Relay for Replay(RFR) Demo

  59. New Technology

  61. https://www.nxp.com/products/identification-and-security/secure-car-access/ncx3320-automotive-grade-nfc-frontend-ic:NCx3320

  62. This Could Affect New Technology? ?

  63. WebUSB - NFC on Web Browser

  64. Experimental Web Platform Features

  65. https://twitter.com/justinribeiro

Recommend

NFC Payments: The Art of Relay &amp; Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay &amp; Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay &amp; Replay Attacks Who are we? Troopers 2018? NFC Replay/Relay @Netxing @L_AGalloway Content Terminology Replay Attack Intro to NFC Relay Attack EMV Flow Process Extracting

1.09k views • 65 slides
Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2014 distance-bounding SDTA 14 1 / 42 Relay Attacks 1 Distance-Bounding Protocols 2 3 Asymmetric DB Protocols

1.02k views • 42 slides
Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020

Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020

Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020 Eurocrypt Rump Session, May 13th, Living Room Proximity Tracing . . . 8GD45AF3 8GD45AF3 . . . 8GD45AF3 Proximity Tracing . . . 8GD45AF3 8GD45AF3

223 views • 19 slides
CONTACTLESS PAYMENTS Joeri de Ruiter University of Birmingham (some slides borrowed from Tom

CONTACTLESS PAYMENTS Joeri de Ruiter University of Birmingham (some slides borrowed from Tom

CONTACTLESS PAYMENTS Joeri de Ruiter University of Birmingham (some slides borrowed from Tom Chothia) Overview EMV Protocol Attacks EMV-Contactless Protocols Attacks Demo Stopping relay attacks What is

863 views • 60 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Countermeasures and Evolved Frauds

633 views • 40 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Distance Bounding Protocols Conclusion

666 views • 53 slides
Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain, Belgium Workshop on Cryptography for the Internet of Things November 20 21, 2012, Antwerp, Belgium SUMMARY Relay Attacks Distance Bounding

349 views • 21 slides
A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

ASIAN07 A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara Bodei 2 , Pierpaolo Degano 2 , Hanne Riis Nielson 1 Informatics and Mathematics Modelling, Technical University of Denmark 1 Dipartimento di

435 views • 20 slides
Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited e Vila ,

Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited e Vila ,

Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited e Vila , Ricardo J. Rodr guez Jos 594190@unizar.es, rj.rodriguez@unileon.es All wrongs reversed University of Zaragoza, Spain RIASC,

1.03k views • 53 slides
Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY Relay Attacks Distance Bounding Protocols Discussion RELAY ATTACKS Relay Attacks Distance Bounding Protocols

330 views • 28 slides
Relay Attacks in EMV Contactless Cards with Android OTS Devices e Vila , Ricardo J. Rodr

Relay Attacks in EMV Contactless Cards with Android OTS Devices e Vila , Ricardo J. Rodr

Relay Attacks in EMV Contactless Cards with Android OTS Devices e Vila , Ricardo J. Rodr guez Jos pvtolkien@gmail.com, rj.rodriguez@unileon.es All wrongs reversed Computer Science and Research Institute of Systems

1.23k views • 57 slides
MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W. Fletcher Presented by Mengjia Yan MIT 6.888 Fall 2020 Why this paper? We have read

965 views • 42 slides
Practical Experiences on NFC Relay Attacks with Android Virtual Pickpocketing Revisited e Vila

Practical Experiences on NFC Relay Attacks with Android Virtual Pickpocketing Revisited e Vila

Practical Experiences on NFC Relay Attacks with Android Virtual Pickpocketing Revisited e Vila 1 and Ricardo J. Rodr Jos guez 2 1 DIIS, University of Zaragoza, Spain 2 Research Institute of Applied Sciences in Cybersecurity, University

337 views • 17 slides
Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS REMINDER 2: Security Services in X.800 Authentication 1. Pear entity authentication Data origin authentication Access Control 2.

618 views • 13 slides
Research Project I PROTECTING AGAINST RELAY ATTACKS FORGING INCREASED DISTANCE REPORTS Xavier

Research Project I PROTECTING AGAINST RELAY ATTACKS FORGING INCREASED DISTANCE REPORTS Xavier

SYSTEM AND NETWORK ENGINEERING MSc Research Project I PROTECTING AGAINST RELAY ATTACKS FORGING INCREASED DISTANCE REPORTS Xavier Torrent Gorjn xavier.torrentgorjon@os3.nl Supervisors: Paul van Iterson Jordi van

263 views • 23 slides
Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with Execution Sketching on Multiprocessors Soyeon Park , Yuanyuan Zhou University of California, San Diego Weiwei Xiong, Zuoning Yin, Rini Kaushik, Kyu H.

749 views • 29 slides
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon,

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon,

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon, Boris Danev, Srdjan apkun Monday February 7, 2011 System Security Group 1 Modern Cars Evolution Increasing amount of electronics in cars

552 views • 24 slides
2010 Relay for Life Seasons of Hope What is Relay for Life? Relay for Life is an annual event

2010 Relay for Life Seasons of Hope What is Relay for Life? Relay for Life is an annual event

2010 Relay for Life Seasons of Hope What is Relay for Life? Relay for Life is an annual event for the American Cancer Society It began in 1985, when Dr. Gordy Klatt, a surgeon in Tacoma, Washington, ran around a track for 24 hours to

351 views • 6 slides
June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

716 views • 33 slides
November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

436 views • 28 slides
February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

854 views • 34 slides
Tor61 P P R2 Time Note on Relay Packets A relay does not look inside Relay cells unless

Tor61 P P R2 Time Note on Relay Packets A relay does not look inside Relay cells unless

Tor61 P P R2 Time Note on Relay Packets A relay does not look inside Relay cells unless it is the end of the circuit. Relay Cell Cell Arrives. Control Cell Type? Process Cell Am I the end No Yes of the circuit? Forward to

292 views • 15 slides
On Relaying NFC Payment Transactions using Android devices Pepe Vila Ricardo J. Rodrguez

On Relaying NFC Payment Transactions using Android devices Pepe Vila Ricardo J. Rodrguez

On Relaying NFC Payment Transactions using Android devices Pepe Vila Ricardo J. Rodrguez other title candidates Holystic relay attacks on NFC cyber- payments with Android mobile cloud phones ENE-FE-S relai con droides movibles

714 views • 45 slides
What is the National Traffic System (NTS)? The RELAY in American Radio Relay League

What is the National Traffic System (NTS)? The RELAY in American Radio Relay League

What is the National Traffic System (NTS)? The RELAY in American Radio Relay League (ARRL) Over 100 years old, started in 1915 as the formal ARRL system to relay messages around the country Transmit &amp; Receive Modes include

238 views • 12 slides

More recommend