nfc payments the art of relay replay attacks who are we
play

NFC Payments: The Art of Relay & Replay Attacks Who are we? - PowerPoint PPT Presentation

Aug 21, 2023 •434 likes •1.09k views

NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC Replay/Relay @Netxing @L_AGalloway Content Terminology Replay Attack Intro to NFC Relay Attack EMV Flow Process Extracting

  1. NFC Payments: The Art of Relay & Replay Attacks

  2. Who are we? Troopers 2018? NFC Replay/Relay @Netxing @L_AGalloway

  3. Content ● Terminology ● Replay Attack ● Intro to NFC ● Relay Attack ● EMV Flow Process ● Extracting Chip’s ● Fraud Vector Data with NFC ● Previous Work ● Relay for Replay ● NFC Emulation ● New Technology

  4. Why clone a card when you can clone transactions from different cards?

  5. NFC Technology ● 13.56MHz ● Passive mode ● Widely implemented ● ISO-14443A

  6. NFC Adoption in Payments

  7. EMV Flow Process Verify Cardholder Detect Card & Reset Online/Offline Processing Card answers List Applications Restrictions? processing Completed Select Applications Manage Risk Transaction Terminal -> Actions Get Data Authenticate Data Card -> Actions

  8. Tokenization Process

  9. Secure Element(SE) & Host Card Emulation(HCE)

  10. SE & HCE Secure Element Host Card Emulation ● More than 20 years of ● Limited use keys development ● Tokenization process ● Smart Card ● Cloud cryptogram ● Restricted Access ● Transaction risk analysis ● Self Encryption

  11. NFC Technology

  12. NFC - Fraud Vector

  13. Motivations ● Low limits/but higher in other countries ● No additional cardholder verification ● Tokens have a reasonable lifetime associated with them ● From banks perspective, fraud considered an accepted risk ● Fraud can be really simple ● NFC embedded in everything

  14. Attacks in the Wild

  15. Previous Work

  16. Replay Attack(MasterCard) - 2013 https://www.usenix.org/system/files/conference/woot13/woot13-roland.pdf

  17. Replay Attack(Visa) - 2015 77 60 82 02 20 40 9f 36 02 00 06 9f ... 77 60 82 02 00 80 ... “Turn the magstripe bit on (set AIP bytes to 0x0080)” https://www.blackhat.com/docs/us-15/materials/us-15-Fillmore-Crash-Pay-How-To-Own-And-Clone-Contactless-Payment-Devices.pdf

  18. Previous Work DEFCON 20: NFC Hacking: The Easy Way ● 2 Android phones ● 1 Special System(Cyanogen) ● Communicating with WiFi ● Lag - > depending on network https://www.defcon.org/images/defcon-20/dc-20-presentations/Lee/DEFCON-20-Lee-NFC-Hacking.pdf

  19. Previous Work DEFCON 25: Man in the NFC ● 2 Boards(Client & Server) ● SDR Support ● Private Prototype ● Special Design https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Haoqi-Shan-and-Jian-Yuan-Man-in-the-NFC.pdf

  20. NFC Emulation

  21. NFC Emulation + Acr122u (PN532) https://salmg.net/2017/12/11/acr122upn532-nfc-card-emulation/

  22. NFC Emulation

  23. NFC Emulation RFIDIOt Library: https://github.com/AdamLaurie/RFIDIOt/

  24. NFC Emulation https://github.com/AdamLaurie/RFIDIOt/blob/master/pn532emulate.py

  25. Replay Attack

  26. Replay Attack

  27. NFCopy Project Raspberry Pi Zero Acr122 USB NFC Reader LiPo 3.7v 500mAh ZERO-LiPO

  28. NFCopy Characteristics ● Portable ● NFC Reader/Emulator ● WiFi Connectivity ● Customizable

  29. Replay - Demo

  30. Relay Attack

  31. Relay Attack Inconvenients: Delays and Timeouts FDT = Frame Delay Time FWT = Frame Waiting Time WTX = Frame Waiting Time Extension “EMV specifies a limit of 500ms per transaction as a whole. However , a payment terminal is not required to interrupt a transaction if it takes longer.”

  32. Centinelas Project ● Raspberry Pi ● ZERO-LiPO ● Acr122 USB NFC Reader ● LiPo 3.7v 500mAh ● ZERO-LiPO ● CC1101 Transceiver

  33. Relay Attack: CC1101 Transceiver Price: $6 Frequencies(MHz): ● 315 ● 433 ● 868 ● 915 Modulations: ● GFSK(Default) ● MSK ● OOK

  34. Relay Attack: CC1101 & Raspberry Pi Dependencies: ● WiringPi(http://wiringpi.com/) ● Library: https://github.com/SpaceTeddy/CC1101

  35. Relay Attack: CC1101 & Raspberry Pi https://salmg.net/2017/09/20/cc1101-transceiver-raspberry-pi/

  36. Preparing a Relay Attack https://github.com/SpaceTeddy/CC1101

  37. Preparing Packet Payloads 77 60 82 02 20 40 9f 36 02 00 06 9f 26 08 05 81 c8 11 14 17 25 ba 9f 10 20 1f 4a 01 32 a0 00 00 00 00 10 03 02 73 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5f 34 01 00 9f 6c 02 00 80 57 13 41 36 93 00 20 39 02 71 d2 31 22 01 00 00 05 12 99 99 5f 9f 6e 04 23 88 00 00 9f 27 01 80 90 00 = Length 200 Chunks <= 60 bytes 77 60 82 02 20 40 9f 36 02 00 06 9f 26 08 05 81 c8 11 14 17 25 ba 9f 10 20 1f 4a 01 32 a0 Payload 1 Payload 2 00 00 00 00 10 03 02 73 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5f 34 01 00 9f 6c 02 00 80 57 13 41 36 93 00 20 39 02 71 d2 31 22 01 00 00 05 12 99 99 5f 9f 6e 04 Payload 3 Payload 4 23 88 00 00 9f 27 01 80 90 00

  38. Centinelas Characteristics ● 2 x NFC Readers/Emulators ● WiFi Connectivity ● Customizable ● Cheap ● SDR Support

  39. Relay - Demo

  40. Extracting Data from a Chip- And-Pin Card with NFC

  41. Extracting EMV Data with NFC

  42. Extracting EMV Data with NFC Raspberry Pi LiPo 3.7v 500mAh USB Smart Card Reader SCR3310V2 ZERO-LiPO CC1101 Transceiver

  43. Extracting EMV Data with NFC https://github.com/AdamLaurie/RFIDIOt/

  44. Extracting EMV Data with NFC Demo

  45. Relay for Replay(RFR)

  46. NFC Fitbit Ionic Transaction (SE) 1/2 PoS: 00A404000E325041592E5359532E444446303100 # Select (PPSE)2PAY.SYS.DDF01 Fitbit: 6f5d840e325041592e5359532e4444463031a54bbf0c48611a4f07 a0000000031010 8701 019f2a010342034650985f55025553611a4f07a00000009808408701029f2a0103420346 50985f55025553610e4f09 a0000000980840 00018701039000 ---------- PoS: 00A4040007 A0000000031010 00 # Select AID Fitbit: 6f4f8407a0000000031010a544 9f38 1b9f66049f02069f03069f1a0295055f2a029a039c01 9f37049f4e14bf0c179f4d02140042034650985f550255539f5a051108400840500a56495 3412044454249549000 ---------- ...

  47. NFC Fitbit Ionic Transaction (SE) 2/2 PoS: 80A80000378335B2804000000000000100000000000000084000000000000840180217 00CAEE4758000000000000000000000000000000000000000000 #Get processing Fitbit: 776282020040940418010100 9f36 02 000b9f26 08 e631e8efb623e1a4 9f10201f4a040120 0000000010077056000000004000000000000000000000000000009f6c020080 57 13 465 0982981603487d24032010000000909999f 9f6e04248800009f2701809000 ---------- PoS: 00B2011C00 #Read SFI(Short File Identifier) file Fitbit: 70375f280208409f0702c0809f19060400100770565f340100 9f24 1d 56303031303031353 83137323434303738373336393131383738373235 9000 # Payment Account Reference (PAR)

  48. Relay for Replay(RFR)

  49. Relay for Replay(RFR) 776282020040940418010100 9f36 02 XXXX9f26 08 XXXXXXXXXXXXXXXX 9F10 201F4A280120000000001007705600000000400000000000000000000000000 0009F6C02008057134006884501032133D2409201000000 The ATC and Cryptogram are the only tags that change in each transaction

  50. Relay for Replay(RFR) 7762820200409404180101009f3602 ATC 9f2608 Cryptogram 9F10201F4A28012000000 00010077056000000004000000000000000000000000000009F6C02008057134006884 501032133D2409201000000 20 Bytes

  51. Relay for Replay(RFR) Step 1: Sniffed transaction Step 2: Smart Relay 20 Bytes

  52. Saved Transaction - Centinela 1 RFRFITBIT = [ '6F23840E325041592E5359532E4444463031A511BF0C0E610C4F07A000000003101087010190 00', '6F468407A0000000031010A53B9F381B9F66049F02069F03069F1A0295055F2A029A039C019 F37049F4E14BF0C0D9F4D0214009F5A051108400840500B56495341204352454449549000', '776282020040940418010100 9f36 02', '9F10201F4A2801200000000010077056000000004000000000000000000000000000009F6C020 08057134006884501032133D2409201000000', '70375F280208409F0702C0009F19060400100770565F3401009F241D563030313030313338313 63237383031313132373538363934333937319000']

  53. Understanding the RFR PoS : 00A404000E325041592E5359532E444446303100 Fitbit : RFRFITBIT[0] #AID? ---------- PoS : 00A4040007 A0000000031010 00 Fitbit : RFRFITBIT[1] #SFI? ---------- PoS: 80A80000378335B2804000000000000100000000000000084000000000000840180217 00CAEE47580000000000000000000000000000000000000 #Request Centinela 2! Fitbit: RFRFITBIT[2]+ apduSDR + FITBIT[3] ---------- PoS : 00B2011C00 Fitbit : RFRFITBIT[4] #PAR

  54. PoS The RFR SE

  55. Relay for Replay(RFR) Demo

  56. New Technology

  58. https://www.nxp.com/products/identification-and-security/secure-car-access/ncx3320-automotive-grade-nfc-frontend-ic:NCx3320

  59. Could Affect New Technology? ?

  60. Countermeasures

  61. Countermeasures ● Introduce additional form of cardholder verification to determine proximity to PCD ● Distance bounding-protocols ● Timing through existing protocols

  62. Distance-Bounding Protocols Attacker Terminal Card Transaction Initialization

  63. Conclusions ● An attacker does not need specialized/sophisticated hardware or software to make fraudulent transactions. ● A mobile phone can be used as a simple sniffer, but a € 60 device can be created to carry out a relay attack that could affect not only payment systems but the new NFC implementations in other areas. ● If companies keep designing their products without proper protections against relay/replay attacks, new implementations of NFC are likely to be affected for years to come.

  64. Credits Adam Laurie Dr. Michael Roland Peter Fillmore Timur Yunusov

  65. Q & A @Netxing @L_AGalloway salmg.net leigh-annegalloway.com

Recommend

NFC Payments: The Art of Relay &amp; Replay Attacks Who am I? Security Researcher

NFC Payments: The Art of Relay &amp; Replay Attacks Who am I? Security Researcher

NFC Payments: The Art of Relay &amp; Replay Attacks Who am I? Security Researcher Samsung Pay Exploiting Mag-stripe info with Bluetooth audio Co-founder of Women in Tech Fund @Netxing (WomenInTechFund.org) Content

1.07k views • 73 slides
Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2014 distance-bounding SDTA 14 1 / 42 Relay Attacks 1 Distance-Bounding Protocols 2 3 Asymmetric DB Protocols

1.02k views • 42 slides
Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020

Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020

Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020 Eurocrypt Rump Session, May 13th, Living Room Proximity Tracing . . . 8GD45AF3 8GD45AF3 . . . 8GD45AF3 Proximity Tracing . . . 8GD45AF3 8GD45AF3

223 views • 19 slides
CONTACTLESS PAYMENTS Joeri de Ruiter University of Birmingham (some slides borrowed from Tom

CONTACTLESS PAYMENTS Joeri de Ruiter University of Birmingham (some slides borrowed from Tom

CONTACTLESS PAYMENTS Joeri de Ruiter University of Birmingham (some slides borrowed from Tom Chothia) Overview EMV Protocol Attacks EMV-Contactless Protocols Attacks Demo Stopping relay attacks What is

863 views • 60 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Countermeasures and Evolved Frauds

633 views • 40 slides
Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine

Relay Attacks and Distance Bounding Protocols in RFID Environments Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY RFID Background Relay Attacks Distance Bounding Protocols Conclusion

666 views • 53 slides
Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain,

Relay Attacks and Distance Bounding Protocols Gildas Avoine Universit e catholique de Louvain, Belgium Workshop on Cryptography for the Internet of Things November 20 21, 2012, Antwerp, Belgium SUMMARY Relay Attacks Distance Bounding

349 views • 21 slides
A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

ASIAN07 A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara Bodei 2 , Pierpaolo Degano 2 , Hanne Riis Nielson 1 Informatics and Mathematics Modelling, Technical University of Denmark 1 Dipartimento di

435 views • 20 slides
Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited e Vila ,

Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited e Vila ,

Experiences on NFC Relay Attacks with Android: Virtual Pickpocketing Revisited e Vila , Ricardo J. Rodr guez Jos 594190@unizar.es, rj.rodriguez@unileon.es All wrongs reversed University of Zaragoza, Spain RIASC,

1.03k views • 53 slides
Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium

Distance Bounding for RFID Prof. Gildas Avoine Universit e catholique de Louvain, Belgium Information Security Group SUMMARY Relay Attacks Distance Bounding Protocols Discussion RELAY ATTACKS Relay Attacks Distance Bounding Protocols

330 views • 28 slides
Relay Attacks in EMV Contactless Cards with Android OTS Devices e Vila , Ricardo J. Rodr

Relay Attacks in EMV Contactless Cards with Android OTS Devices e Vila , Ricardo J. Rodr

Relay Attacks in EMV Contactless Cards with Android OTS Devices e Vila , Ricardo J. Rodr guez Jos pvtolkien@gmail.com, rj.rodriguez@unileon.es All wrongs reversed Computer Science and Research Institute of Systems

1.23k views • 57 slides
MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W. Fletcher Presented by Mengjia Yan MIT 6.888 Fall 2020 Why this paper? We have read

965 views • 42 slides
Practical Experiences on NFC Relay Attacks with Android Virtual Pickpocketing Revisited e Vila

Practical Experiences on NFC Relay Attacks with Android Virtual Pickpocketing Revisited e Vila

Practical Experiences on NFC Relay Attacks with Android Virtual Pickpocketing Revisited e Vila 1 and Ricardo J. Rodr Jos guez 2 1 DIIS, University of Zaragoza, Spain 2 Research Institute of Applied Sciences in Cybersecurity, University

337 views • 17 slides
Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS REMINDER 2: Security Services in X.800 Authentication 1. Pear entity authentication Data origin authentication Access Control 2.

618 views • 13 slides
Research Project I PROTECTING AGAINST RELAY ATTACKS FORGING INCREASED DISTANCE REPORTS Xavier

Research Project I PROTECTING AGAINST RELAY ATTACKS FORGING INCREASED DISTANCE REPORTS Xavier

SYSTEM AND NETWORK ENGINEERING MSc Research Project I PROTECTING AGAINST RELAY ATTACKS FORGING INCREASED DISTANCE REPORTS Xavier Torrent Gorjn xavier.torrentgorjon@os3.nl Supervisors: Paul van Iterson Jordi van

263 views • 23 slides
Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with Execution Sketching on Multiprocessors Soyeon Park , Yuanyuan Zhou University of California, San Diego Weiwei Xiong, Zuoning Yin, Rini Kaushik, Kyu H.

749 views • 29 slides
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon,

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon,

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon, Boris Danev, Srdjan apkun Monday February 7, 2011 System Security Group 1 Modern Cars Evolution Increasing amount of electronics in cars

552 views • 24 slides
2010 Relay for Life Seasons of Hope What is Relay for Life? Relay for Life is an annual event

2010 Relay for Life Seasons of Hope What is Relay for Life? Relay for Life is an annual event

2010 Relay for Life Seasons of Hope What is Relay for Life? Relay for Life is an annual event for the American Cancer Society It began in 1985, when Dr. Gordy Klatt, a surgeon in Tacoma, Washington, ran around a track for 24 hours to

351 views • 6 slides
June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

716 views • 33 slides
November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

436 views • 28 slides
February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

854 views • 34 slides
Tor61 P P R2 Time Note on Relay Packets A relay does not look inside Relay cells unless

Tor61 P P R2 Time Note on Relay Packets A relay does not look inside Relay cells unless

Tor61 P P R2 Time Note on Relay Packets A relay does not look inside Relay cells unless it is the end of the circuit. Relay Cell Cell Arrives. Control Cell Type? Process Cell Am I the end No Yes of the circuit? Forward to

292 views • 15 slides
On Relaying NFC Payment Transactions using Android devices Pepe Vila Ricardo J. Rodrguez

On Relaying NFC Payment Transactions using Android devices Pepe Vila Ricardo J. Rodrguez

On Relaying NFC Payment Transactions using Android devices Pepe Vila Ricardo J. Rodrguez other title candidates Holystic relay attacks on NFC cyber- payments with Android mobile cloud phones ENE-FE-S relai con droides movibles

714 views • 45 slides
What is the National Traffic System (NTS)? The RELAY in American Radio Relay League

What is the National Traffic System (NTS)? The RELAY in American Radio Relay League

What is the National Traffic System (NTS)? The RELAY in American Radio Relay League (ARRL) Over 100 years old, started in 1915 as the formal ARRL system to relay messages around the country Transmit &amp; Receive Modes include

238 views • 12 slides

More recommend