NFC Payments: The Art of Relay & Replay Attacks
|
|
- Alan Horton
- 5 years ago
- Views:
Transcription
1 NFC Payments: The Art of Relay & Replay Attacks
2 Who am I? Security Co-founder of Women in Tech Fund (WomenInTechFund.org)
3 NFC Technology
4 RFID Spectrum (Radio Frequency Identification) NFC
5 NFC Technology 13.56MHz Passive mode Widely implemented ISO-14443A
6 NFC Technology
7 NFC Transaction (SE) 1/2 Terminal: 00A404000E E E #Select (PPSE)2PAY.SYS.DDF01 Fitbit: 6f5d840e e e a54bbf0c48611a4f07a f2a f a4f07a f2a f e4f09a Terminal: 00A A #Select AID Fitbit: 6f4f8407a a5449f381b9f66049f02069f03069f1a f2a029a039c01 9f37049f4e14bf0c179f4d f f5a a
8 NFC Transaction (SE) 2/2 Terminal: 80A B CAEE #Get processing Fitbit: f b9f2608e631e8efb623e1a49f10201f4a f6c d f9f6e f Terminal: 00B2011C00 #Leer SFI(Short File Identifier) Fitbit: 70375f f0702c0809f f f241d #Payment Account Reference (PAR)
9 EMV Flow Detect Card & Reset Verify Cardholder Process Online/Offline List Applications Processing Restrictions? Card answers processing Select Applications Manage Risk Completed Transaction Get Data Terminal -> Actions Authenticate Data Card -> Actions
10 Tokenization Process
11 Tokenization Process
12 Secure Element(SE) & Host Card Emulation(HCE)
13 SE & HCE Secure Element More than 20 years of development Smart Card Restricted Access Self Encryption Host Card Emulation Limited use keys Tokenization process Cloud cryptogram Transaction risk analysis
14 NFC - Fraud Vector
15 Motivations Low limits/but higher in other countries No additional cardholder verification From banks perspective, fraud considered an accepted risk NFC embedded in many IoT devices
16 Attacks in the Wild
17 Previous Work
18 Replay Attack(MasterCard)
19 Replay Attack(Visa) f f Turn the magstripe bit on (set AIP bytes to 0x0080) f
20 Previous Work DEFCON 20: NFC Hacking: The Easy Way 2 Android phones 1 Special System(Cyanogen) Communicating with WiFi Lag - > depending on network
21 Previous Work DEFCON 25: Man in the NFC 2 Boards(Client & Server) SDR Support Private Prototype Special Design
22 NFC Emulation
23 NFC Emulation + Acr122u (PN532)
24 NFC Emulation
25 NFC Emulation RFIDIOt Library:
26 NFC Emulation
27 Replay Attack
28 NF C Replay Attack Tok en
29 NFCopy Project
30 NFCopy Project
31 NFCopy Project
32 NFCopy Project Raspberry Pi Zero Acr122 USB NFC Reader LiPo 3.7v 500mAh ZERO-LiPO
33 NFCopy Characteristics Portable NFC Reader/Emulator WiFi Connectivity Customizable
34 Replay - Demo
35 Relay Attack APDUer
36 Relay Scenario
37 Relay Attack Inconvenients: Delays and Timeouts FDT = Frame Delay Time FWT = Frame Waiting Time WTX = Frame Waiting Time Extension EMV specifies a limit of 500ms per transaction as a whole. However, a payment terminal is not required to interrupt a transaction if it takes longer.
38
39 Centinelas Project Raspberry Pi ZERO-LiPO Acr122 USB NFC Reader LiPo 3.7v 500mAh ZERO-LiPO CC1101 Transceiver
40 Relay Attack: CC1101 Transceiver Price: $5 Frequencies(MHz): Modulations: GFSK(Default) MSK OOK
41 Relay Attack: CC1101 & Raspberry Pi Dependencies: WiringPi( Library:
42 Relay Attack: CC1101 & Raspberry Pi
43 Preparing a Relay Attack APDUs on Radio
44 Preparing Packet Payloads f f c ba 9f f 4a a f f 6c d f 9f 6e f = Length 200 Chunks <= 60 bytes f f c ba 9f f 4a a0 Payload f Payload f 6c d f 9f 6e 04 Payload f Payload 4
45 Centinelas Characteristics 2 x NFC Readers/Emulators WiFi Connectivity Customizable Cheap SDR Support
46 Relay - Demo
47 Extracting Data from a Chip-And-Pin Card with NFC
48
49
50 Extracting Chip-&-Pin EMV Data with NFC
51 Extracting Chip-&-Pin EMV Data with NFC Raspberry Pi LiPo 3.7v 500mAh USB Smart Card Reader SCR3310V2 ZERO-LiPO CC1101 Transceiver
52 Extracting Chip-&-Pin EMV Data with NFC
53 Extracting EMV Data with NFC Demo
54 Relay for Replay(RFR)
55 NFC Fitbit Ionic Transaction (SE) 1/2 PoS: 00A404000E E E #Select (PPSE)2PAY.SYS.DDF01 Fitbit: 6f5d840e e e a54bbf0c48611a4f07a f2a f a4f07a f2a f e4f09a PoS: 00A A #Select AID Fitbit: 6f4f8407a a5449f381b9f66049f02069f03069f1a f2a029a039c01 9f37049f4e14bf0c179f4d f f5a a
56 NFC Fitbit Ionic Transaction (SE) 2/2 PoS: 80A B CAEE #Get processing Fitbit: f b9f2608e631e8efb623e1a49f10201f4a f6c d f9f6e f PoS: 00B2011C00 #Read SFI(Short File Identifier) file Fitbit: 70375f f0702c0809f f f241d #Payment Account Reference (PAR)
57 Relay for Replay(RFR) Challenge? Saved Cryptogram APDUer Wrong!
58 Relay for Replay(RFR) f3602XXXX9f2608XXXXXXXXXXXXXXXX9F10 201F4A F6C D The ATC and Cryptogram are the only tags that change in each transaction
59 Relay for Replay(RFR) f3602ATC9f2608Cryptogram9F10201F4A F6C D ATC/Cryptogram 20 Bytes Smart Relay: transmitting the new ATC and Cryptogram only
60 Relay for Replay(RFR) Step 1: Sniffed transaction Step 2: Smart Relay ATC/Cryptogram 20 Bytes
61 Saved Transaction - Centinela 1 RFRFITBIT = [ '6F23840E E E A511BF0C0E610C4F07A ', '6F468407A A53B9F381B9F66049F02069F03069F1A F2A029A039C019 F37049F4E14BF0C0D9F4D F5A B ', ' f3602', '9F10201F4A F6C D ', '70375F F0702C0009F F F241D ']
62 First Phase PPSE? Computer 1 AID Challenge? Visa AID? SFI... Challenge? Yes Second Phase Computer 2 Challenge? SE ATC/Cryptogram Check SFI Get Cryptogram & Transmit it No ATC/Cryptogram PoS
63 Relay for Replay(RFR) Demo
64 New Technology
65
66
67
68 Could Affect New Technology??
69 Countermeasures
70 Countermeasures Introduce additional form of cardholder verification to determine proximity to PCD Distance bounding-protocols Timing delay restrictions through existing protocols
71 Distance-Bounding Protocols Terminal Card Transaction Initialization Attacker
72 Conclusions An attacker does not need specialized/sophisticated hardware or software to make fraudulent transactions. A mobile phone can be used as a simple sniffer, but a cheap device can be created to carry out a relay attack that could affect not only payment systems but the new NFC implementations in other areas. If companies keep designing their products without proper protections against relay/replay attacks, new implementations of NFC are likely to be affected for years to come.
73 Credits Adam Laurie Dr. Michael Roland Peter Fillmore Timur Yunusov Leigh-Anne Galloway
74 salmg.net
NFC Payments: The Art of Relay & Replay Attacks. Salvador Mendoza August 14, 2018
1 NFC Payments: The Art of Relay & Replay Attacks Salvador Mendoza August 14, 2018 2 Disclaimer This white paper is a shortened version of the actual research. Unfortunately, some techniques and exploitation
More informationRelay Attacks on Secure Elementenabled
Relay Attacks on Secure Elementenabled Mobile Devices Virtual Pickpocketing Revisited Michael Roland University of Applied Sciences Upper Austria,, Austria SEC2012 IFIP International Information Security
More informationSecurity of NFC payments
Security of NFC payments Olga Korobova Department of Computer Science University of Massachusetts Amherst Abstract Our research objective was to examine the security features implemented by the bank cards
More informationCh 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated
Ch 9: Mobile Payments CNIT 128: Hacking Mobile Devices Updated 4-24-17 Current Generation Scenarios Mobile banking apps NFC-based or barcode-based payment apps used by consumers to purchase goods Premium-rated
More informationFirst Data EMV Test Card Set. Version 1.30
First Data EMV Test Card Set.30 January, 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from industry
More informationFirst Data EMV Test Card Set. Version 2.00
First Data EMV Test Card Set.00 February, 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from industry
More informationDigital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October Frazier D. Evans
Digital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October 2014 Frazier D. Evans Evans_Frazier@bah.com There are four key areas that need to be investigated when talking
More information10/02/2015. Introduction PROTOCOL EXAMPLES. e-passport. e-passports contain an RFID tag.
Introduction PROTOCOL EXAMPLES Tom Chothia Intro. To Comp. Sec. This talk gives some example of protocol attacks from my research, and a research group in Cambridge. E-passports (me & Smirnov) Contactless
More informationSecure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices
Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria WIMA 2012 NFC Research Track 11 April 2012, Monaco
More informationFirst Data Dual Interface EMV Test Card Set. Version 1.20
First Data Dual Interface EMV Test Card Set August, 2016 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationCRASH AND PAY. Cloning and Fuzzing the NFC world. PAYMENT SECURITY CONSULTING
CRASH AND PAY Cloning and Fuzzing the NFC world. PAYMENT SECURITY CONSULTING WWW.PSCCO.COM.AU 15/09/2014 1 ABOUT ME Principle Consultant at Payment Security Consulting Banking, Payments, Certifications,
More informationPractical Attack Scenarios on Secure Element-enabled Mobile Devices
Practical Attack Scenarios on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria 4 th International Workshop on Near Field Communication 13 March
More informationAttacks on NFC enabled phones and their countermeasures
Attacks on NFC enabled phones and their countermeasures Arpit Jain: 113050028 September 3, 2012 Philosophy This survey explains NFC, its utility in real world, various attacks possible in NFC enabled phones
More informationEMV Contactless Specifications for Payment Systems
EMV Contactless Specifications for Payment Systems Book C-5 Kernel 5 Specification Version 2.6 February 2016 Kernel 5 Spec v2.6 Legal Notice Unless the user has an applicable separate agreement with EMVCo
More informationSession 2: Understanding the payment ecosystem and the issues Visa Europe
Session 2: Understanding the payment ecosystem and the issues Visa Europe Agnes Revel Martineau VP, Head of Product Specifications, Standards and Industry Liaison ETSI 01st, July, 2014 Agenda You said
More informationInterac USA Interoperability EMV Test Card Set
Interac USA Interoperability EMV Test Card Set.00 April, 2018 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information
More informationAcquirer JCB Dual Interface EMV Test Card Set
Acquirer JCB Dual Interface EMV Test Card Set.00 July, 2018 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing and delivering this document
More informationFirst Data DCC Test Card Set. Version 1.30
First Data DCC Test Card Set.30 April, 2018 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from industry
More informationPrepaid Energy System
Prepaid Energy System Group 21 Youssef Ojeil (EE) Michael Cuervo (EE) MD.S. Rahaman (EE) Sahin Okur (EE) Sponsored by: Supervised by Dr. Chung-Yong Chan Goals and Objectives Alternative pre-paid solution
More informationAcquirer JCB EMV Test Card Set
Acquirer JCB EMV Test Card Set July, 2017 Powered by Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available
More informationNear Field Communication Security
Near Field Communication Security Thomas Patzke 22.04.2015 Who am I... Thomas Patzke (formerly Skora) Who am I... Thomas Patzke (formerly Skora) Started with security related topics somewhere in the 90s
More informationNFC Redux. Presenter: Nick von Dadelszen Date: 17 th November 2012 Company: Lateral Security (IT) Services Limited
NFC Redux Presenter: Nick von Dadelszen Date: 17 th November 2012 Company: Lateral Security (IT) Services Limited Company Lateral Security (IT) Services Limited Company Overview Founded in April 2008 by
More informationACS MobileMate (for Android)
ACS MobileMate (for Android) User Manual V1.01 Subject to change without prior notice Table of Contents 1.0. Introduction... 4 2.0. Specifications... 5 2.1. Supported Mobile Operating Systems... 5 2.2.
More informationCOMPGA12 1 TURN OVER
Applied Cryptography, COMPGA12, 2009-10 Answer ALL questions. 2 hours. Marks for each part of each question are indicated in square brackets Calculators are NOT permitted 1. Multiple Choice Questions.
More informationAdversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov
Adversary Models CPEN 442 Introduction to Computer Security Konstantin Beznosov why we need adversary models? attacks and countermeasures are meaningless without 2 elements of an adversary model objectives
More informationEMV Contactless Specifications for Payment Systems
EMV Contactless Specifications for Payment Systems Book C-6 Kernel 6 Specification Version 2.6 February 2016 pursuant to the EMVCo Terms of Use agreement found at www.emvco.com, as supplemented by the
More informationPayPass M/Chip 4. Card Technical Specification
PayPass M/Chip 4 Card Technical Specification Version 1.3.1 - September 2008 Proprietary Rights The information contained in this document is proprietary and confidential to MasterCard International Incorporated,
More informationFundamentals of Near Field Communication (NFC) Tvrtko Barbarić NXP Semiconductors
Fundamentals of Near Field Communication (NFC) Tvrtko Barbarić NXP Semiconductors Automotive Identification Wireless Infrastructure Lighting Industrial Mobile Consumer Computing Global player with local
More informationHacking challenge: steal a car!
Hacking challenge: steal a car! Your "local partner in crime" Sławomir Jasek IT security expert since 2005, and still loves this job Agenda BLE vs security How to hack the car New tool Vulnerabilities
More informationEMV Contactless Specifications for Payment Systems
EMV Contactless Specifications for Payment Systems Book B Entry Point Specification Version 2.6 July 2016 pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV is
More informationEMV Contactless Specifications for Payment Systems
EMV Contactless Specifications for Payment Systems Book C-7 Kernel 7 Specification Version 2.6 February 2016 February 2016 Page i Legal Notice Unless the user has an applicable separate agreement with
More informationSoftware Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?
Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare? Michael Roland University of Applied Sciences Upper Austria,, Austria IWSSISPMU2012 International Workshop on
More informationApple Pay FREQUENTLY ASKED QUESTIONS
Apple Pay FREQUENTLY ASKED QUESTIONS At Park Bank, we want to make it easy and secure for you to use your credit card to make payments in stores and online. That s why we re pleased to offer Apple Pay
More informationACR38U-A4. Smart Card Reader. Technical Specifications V2.03. Subject to change without prior notice.
ACR38U-A4 Smart Card Reader Technical Specifications V2.03 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Working Principle of SAM... 3 2.0. Features... 4 3.0. Supported
More informationPayPass M-TIP Test Case User Guide. July 2014
PayPass M-TIP Test Case User Guide July 2014 Copyright The information contained in this manual is proprietary and confidential to MasterCard International Incorporated (MasterCard) and its members. This
More informationPractical EMV PIN interception and fraud detection
Practical EMV PIN interception and fraud detection Andrea Barisani Daniele Bianco 27 Unusual Car Navigation Tricks Injecting RDS-TMC Traffic Information
More informationPreface. Structure of the Book
When the first edition of this book was published back in 2008, the scope was anything to do with smart cards and security tokens in the widest sense. The aim was in fact to provide a complete story, looking
More informationACR1281U-C2. Card UID Reader. Reference Manual Subject to change without prior notice.
ACR1281U-C2 Card UID Reader Reference Manual 1.01 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5 4.0. Reference Documents...
More informationLet s Hack NFC. How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications?
Geoffrey Vaughan Let s Hack NFC How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications? Security Compass and NFC Currently we are devoting a lot of energy
More informationAPG8201 PINHandy
APG8201 PINHandy Units 2010-2013, 20th Floor Chevalier Commercial Centre 8 Wang Hoi Road, Kowloon Bay, HK Tel: +852-27967873 Fax: +852-27961286 info@acs.com.hk www.acs.com.hk Outline 1. Product Overview
More informationJR/T Translated English of Chinese Standard: JR/T
Translated English of Chinese Standard: JR/T0025.6-2013 www.chinesestandard.net Sales@ChineseStandard.net JR FINANCIAL INDUSTRY STANDARD OF THE PEOPLE S REPUBLIC OF CHINA ICS 35.240.40 A 11 Registration
More informationChapter 2 Basics. 2.1 Smartcards. This chapter summarizes basic concepts of smartcards, Near Field Communication (NFC) and payment cards.
Chapter 2 Basics This chapter summarizes basic concepts of smartcards, Near Field Communication (NFC) and payment cards. 2.1 Smartcards Smartcards are identification cards equipped with a microchip (integrated
More informationEvaluation of the feasible attacks against RFID tags for access control systems
Evaluation of the feasible attacks against RFID tags for access control systems Hristo Dimitrov & Kim van Erkelens University of Amsterdam February 4, 2014 1 / 20 Contents 1 Introduction 2 Background 3
More informationApplying recent secure element relay attack scenarios to the real world: Google Wallet Relay Attack
arxiv:1209.0875v1 [cs.cr] 5 Sep 2012 Technical Report Applying recent secure element relay attack scenarios to the real world: Abstract Michael Roland NFC Research Lab Hagenberg University of Applied Sciences
More informationSmart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security
Smart Cards and Authentication Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security Payment Landscape Contactless payment technology being deployed Speeds
More informationACR1251U-A1 USB NFC Reader with SAM Slot
ACR1251U-A1 USB NFC Reader with SAM Slot Technical Specifications V1.05 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5
More informationCommon Payment Application Contactless Extension CPACE. Functional Specification. Terminal Kernel
Common Payment Application Contactless Extension CPACE Functional Specification Terminal Kernel 12.07.2018 2016-2017-2018 Bancomat, Bancontact Company, BankAxept, Borica, Euro 6000, girocard/src, Groupement
More informationTransaction Response Code (iso-8583 Field 39)
Transaction Response Code (iso-8583 Field 39) ISO 8583 Financial transaction card originated messages Interchange message Part 3: Maintenance procedures for messages, data elements and code values either
More informationWebinar Tokenization 101
Webinar Tokenization 101 René M. Pelegero Retail Payments Global Consulting Group L.L.C December 15 th, 2014 Webinar Overview A description of tokenization and how the technology is being employed in the
More informationACR880 GPRS Portable Smart Card Terminal
ACR880 GPRS Portable Smart Card Terminal Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Supported Card Types... 5 3.1.
More informationNFC is the double click in the internet of the things
NFC is the double click in the internet of the things Name Frank Graeber, Product Manager NFC Subject 3rd Workshop on RFID Systems and Technologies Date 12.06.2007 Content NFC Introduction NFC Technology
More informationSecure Elements 101. Sree Swaminathan Director Product Development, First Data
Secure Elements 101 Sree Swaminathan Director Product Development, First Data Secure Elements Secure Element is a tamper resistant Smart Card chip that facilitates the secure storage and transaction of
More informationFirst Data U.S. Debit Test Card Set. Version 1.20
First Data U.S. Debit Test Card Set August, 2016 Disclaimer Information provided in this document describes capabilities available at the time of developing this document and information available from
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Smart Cards 2 University of Tartu Spring 2015 1 / 19 Security Model Parties involved in smart card based system: Cardholder Data owner Terminal Card issuer Card manufacturer
More informationVisa Inc Investor Day. Technology at Visa. Rajat Taneja EVP, Technology and Operations
Visa Inc. 2017 Investor Day Technology at Visa Rajat Taneja EVP, Technology and Operations Key Takeaways Technology is a vital pillar of Visa s business The Visa network is engineered to provide unmatched
More informationCommon Payment Application Contactless Extension CPACE. Functional Specification. CPACE for Dual Interface Cards
Common Payment Application Contactless Extension CPACE Functional Specification CPACE for Dual Interface Cards 18.10.2017 Groupement des Cartes Bancaires CB, ServiRed, SIBS MB, Sistema 4B. All rights reserved.
More informationPayPass Mag Stripe. Security Architecture
PayPass Mag Stripe Security Architecture Version 1.3 November 2007 Copyright The information contained in this manual is proprietary and confidential to MasterCard International Incorporated or one of
More information3. Why should I use Samsung Pay instead of my physical cards?
Overview 1. What is Samsung Pay? Samsung Pay is a secure and easy-to-use mobile payment service which can be used to make purchases almost anywhere. Leveraging a new proprietary technology called Magnetic
More informationRFID DEFCON 26 Vinnie Vanhoecke Lorenzo Bernardi
RFID Workshop @ DEFCON 26 Vinnie Vanhoecke Lorenzo Bernardi Page 1 Content Introduction RFID theory Basics Tools Protocols Mifare Challenges Page 2 RFID basics RFID theory: RFID basics RFID = Radio Frequency
More informationJrsys Mobile Banking Solutions
Jrsys Mobile Banking Solutions Jrsys International corp. James Wu Mobile PKI solutions 1.Mobile CA 2.Mobile RA 3.Mobile Signing and Validation Service CA Mobile Signature/ Encryption Mobile PKI Mobile
More informationDatenblatt / Specifications. ACR880 GPRS Portable Smart Card Terminal. idvation GmbH
Datenblatt / Specifications ACR880 GPRS Portable Smart Card Terminal Otto-Hesse-Straße 19 / T5 D-64293 Darmstadt Phone +49 6151 9926567 Fax +49 6151 3689296 Table of Contents 1.0. Introduction... 3 2.0
More informationHOW TO INTEGRATE NFC CONTROLLERS IN LINUX
HOW TO INTEGRATE NFC CONTROLLERS IN LINUX JORDI JOFRE NFC READERS NFC EVERYWHERE 28/09/2017 WEBINAR SERIES: NFC SOFTWARE INTEGRATION PUBLIC Agenda NFC software integration webinar series Session I, 14th
More informationACR38U-BMC. Smart Card Reader. Technical Specifications. Subject to change without prior notice
ACR38U-BMC Smart Card Reader Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Smart Card Reader... 3 1.2. Unique Casing... 3 1.3. Plug-and-Play...
More informationMobile Identity Management
Mobile Identity Management Outline Ideas Motivation Architecture Implementation notes Discussion Motivation 1 The mobile phone has become a highly personal device: Phonebook E-mail Music, videos Landmarks
More informationMobile Security Fall 2014
Mobile Security Fall 2014 Patrick Tague Class #8 NFC & Mobile Payment 1 Announcements Reminder: first group of SoW presentations will be today, starting ~1/2 way through class Written SoW is a separate
More informationNEAR FIELD COMMUNICATION
NEAR FIELD COMMUNICATION (GUIDED BY:MISS ANUJA V NAIR) BY: REJOY MENDEZ ROLL NO:24 S7 ECE OVERVIEW INTRODUCTION FEATURES OF NFC TECHNOLOGICAL OVERVIEW COMPARISON WITH OTHER TECHNOLOGY SECURITY ASPECTS
More informationACR38U PocketMate. Smart Card Reader. Technical Specifications. Subject to change without prior notice
ACR38U PocketMate Smart Card Reader Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Smart Card Reader... 3 1.2. Ingenious Design... 3 1.3.
More informationAPG8202 PINhandy 2 OTP Generator
APG8202 PINhandy 2 OTP Generator Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5 4.0. Technical
More informationJMY600 Series IC Card Module
MIFARE & ISO14443A & ISO14443B & ISO7816 & ISO15693 IC CARD MODULE JMY600 Series IC Card Module MIFARE DESfire Card Operation Guide (Revision 1.00) Jinmuyu Electronics Co., LTD April 7, 2015 Please read
More informationHacking new NFC cards
Hacking new NFC cards NTAG2x, Ultralight EV1/C, Desfire EV2, ISO-15693, meal EMV cards abyssal see #brmlab IRC for contact 6.12.2018 New cards Mifare Ultralight C, Ultralight EV1 descendant of simple Ultralight
More informationACR128U Dual- Interface Reader
ACR128U Dual- Interface Reader Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5 4.0. Technical
More informationACR1255U-J1 Secure Bluetooth NFC Reader
ACR1255U-J1 Secure Bluetooth NFC Reader Technical Specifications V1.07 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Smart Card Reader... 3 1.2. Compact Design...
More informationPro s and con s Why pins # s, passwords, smart cards and tokens fail
Current Authentication Methods Pro s and con s Why pins # s, passwords, smart cards and tokens fail IDENTIFYING CREDENTIALS In The Physical World Verified by Physical Inspection of the Credential by an
More informationDr. Char-Shin Miou Chunghwa Telecom. Co. April 7, 2011
Mobile Security Application Current Status Overview in Taiwan Dr. Char-Shin Miou Chunghwa Telecom. Co. April 7, 2011 Content Problems and Current Status Approach for the Mobile Security Application Mobile
More informationSpoofing iclass and iclass SE
Introduction The concept of emulating (spoofing) security access cards has become more and more difficult with the introduction of smart card technology. The older proximity based RFID access cards were
More informationACR1255U-J1. Secure Bluetooth NFC Reader. User Manual V1.02. Subject to change without prior notice.
ACR1255U-J1 Secure Bluetooth NFC Reader User Manual V1.02 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. For ios... 4 2.1. Install the Bluetooth demo application...
More informationPwning KNX & ZigBee Networks
Pwning KNX & ZigBee Networks About US HuiYu Wu (Nicky) Bug Hunter Winner of GeekPwn 2015 Speaker of POC2017 http://www.droidsec.cn YuXiang Li (Xbalien) Major experience is in Mobile Security and found
More informationACR1252U. NFC Forum Certified Reader. Technical Specifications V1.03. Subject to change without prior notice.
ACR1252U NFC Forum Certified Reader Technical Specifications V1.03 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Features... 4 3.0. Typical Applications... 5 4.0.
More informationPower LogOn s Features - Check List
s s - Check List Versions The software is available in two versions, to meet the needs of all types and sizes of organizations. The list below indicates the features that are included in each version.
More informationNFC embedded microsd smart Card - Mobile ticketing opportunities in Transit
NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit July 2017 By: www.smk-logomotion.com Introduction Presentation is describing NFC enabled microsd smart card (LGM Card) Technical
More informationSyscan Act like a spy. High/Low frequency attack & defense tools. Haoqi
Syscan360 2016 Act like a spy High/Low frequency attack & defense tools Haoqi Shan@360UnicornTeam 1 Agenda About us Quick Review of Attacks HackID Pro EMV Issues Card defender Tools Used Key takeaways
More informationRFID tags. Inductive coupling is used for. energy transfer to card transmission of clock signal data transfer
RFID 1 RFID tags RFID = Radio-Frequency IDentification RFID devices are called tags or transponders More powerful RFID tags can be called (contactless) smartcards Inductive coupling is used for energy
More informationUser Guide. mpos Readers RP350x & RP457c Mobile Payment Acceptance User Guide for Android
mpos Readers RP350x & RP457c Mobile Payment Acceptance User Guide for Android Disclosure Statements Confidential Notice The information contained herein is the property of Total System Services, Inc. (TSYS
More informationLeveraging the full potential of NFC to reinvent physical access control. Friday seminar,
Leveraging the full potential of NFC to reinvent physical access control Wireless@KTH Friday seminar, 2012-08-31 NFC (Near Field Communication) A new radio communication technology for mobile phones Uses
More informationAdversary Models. EECE 571B Computer Security. Konstantin Beznosov
Adversary Models EECE 571B Computer Security Konstantin Beznosov 1 why we need adversary models?! attacks and countermeasures are meaningless without 2 2 elements of an adversary model! objectives! obtain
More informationOptimised to Fail: Card Readers for Online Banking
PIN Optimised to Fail: Card Readers for Online Banking SecureBank Inc. login: Vic Tim code: 7365 5748 PIN $20 Saar Drimer Steven J. Murdoch Ross Anderson www.cl.cam.ac.uk/users/{sd410,sjm217,rja14} Computer
More informationHCE security implications. Analyzing the security aspects of HCE
HCE security implications Analyzing the security aspects of HCE January 8th, 2014 White paper - HCE security implications, analyzing the security aspects of HCE HCE security implications About the authors:
More informationACR38 Smart Card Reader
ACR38 Smart Card Reader Technical Specifications Subject to change without prior notice Table of Contents 1.0. Introduction... 3 2.0. Smart Card Reader Features... 4 3.0. Smart Card Support... 5 3.1. MCU
More informationTOP RISK CONCERNS MERCHANT DATA BREACHES. Presented by Ann Davidson, VP of Risk Consulting at Allied Solutions
TOP RISK CONCERNS MERCHANT DATA BREACHES Presented by Ann Davidson, VP of Risk Consulting at Allied Solutions Today s Webinar Will Cover: Current state of merchant data breaches Impact of merchant data
More informationCard Issuance/Encoding & PIN Pads
Card Issuance/Encoding & PIN Pads From Card Issuance to Card Security Card Issuance/Encoding & PIN Pads Card issuers know they can put their trust in Mag- Tek. Whether meeting the growing need for instant,
More informationMultifunctional Identifiers ESMART Access
AIR TAG Multifunctional Identifiers ESMART Access Contents ESMART Access technology 4 Key advantages of ESMART Access 6 Multifunctional identifiers ESMART Access 8 AIRTAG RFID keyfobs 9 Silicone RFID
More informationIntroduction to Electronic Identity Documents
Tutorial Introduction to Electronic Identity Documents Klaus Schmeh cryptovision I'm Klaus Schmeh, Chief Editor Marketing at cryptovision. I have published a number of books. Identity Documents Conventional
More informationScalable Security solutions to enable Cyber Security and to manage Digital Identities
Scalable Security solutions to enable Cyber Security and to manage Digital Identities It s all about managing identities GIC@CeBIT 2017 International Cyber Security Conference Axel Deininger 20.03.2017
More informationPayment Security: Attacks & Defences
Payment Security: Attacks & Defences Dr Steven J Murdoch University College London COMPGA03, 2014-12-02 UK fraud is going up again Chip & PIN deployment period Losses ( m) 0 50 100 150 200 250 300 Card
More informationACR38U-I1. Smart Card Reader. Technical Specifications V1.11. Subject to change without prior notice.
ACR38U-I1 Smart Card Reader Technical Specifications V1.11 Subject to change without prior notice Table of Contents 1.0. Introduction... 3 1.1. Smart Card Reader... 3 1.2. Modern Design... 3 1.3. Ease
More informationACR120 Technical Specifications Version 4.00
Datenblatt / Specifications ACR120 Contactless Reader/Writer Otto-Hesse-Straße 19 / T5 D-64293 Darmstadt Phone +49 6151 9926567 Fax +49 6151 3689296 1.0 Introduction The ACR120 is a compact and cost-effective
More informationISG Seminar 3 rd November Agenda for Lecture. Smart Cards with Contacts. Contact-less Smart Cards. From Smart Cards to NFC Smart Phone Security
ISG Seminar 3 rd November 2011 From Smart Cards to NFC Smart Phone Security Keith Mayes ISG Smart Card Centre (SCC) www.scc.rhul.ac.uk www.isg.rhul.ac.uk keith.mayes@rhul.ac.uk Agenda for Lecture Evolution
More informationRFID & NFC. Erik Poll. Digital Security Radboud University Nijmegen
RFID & NFC Erik Poll Digital Security Radboud University Nijmegen 1 RFID tags RFID = Radio-Frequency IDentification RFID devices are called tags or transponders More powerful RFID tags also called contactless
More informationSamsung Pay: Tokenized Numbers, Flaws and Issues
Samsung Pay: Tokenized Numbers, Flaws and Issues Salvador Mendoza July 7, 2016 Introduction Samsung Pay is a new method to make purchases over the latest line of Samsung smartphones devices. The goal is
More informationMobile NFC Services Opportunities & Challenges. NGUYEN Anh Ton VNTelecom Conference 31/10/2010
Mobile NFC Services Opportunities & Challenges NGUYEN Anh Ton VNTelecom Conference 31/10/2010 Agenda 1. Introduction 2. Mobile NFC Overview 3. NFC Ecosystem Key Findings 4. Main NFC challenges 5. What
More information