NFC Payments: The Art of Relay & Replay Attacks. Salvador Mendoza August 14, 2018

Similar documents
NFC Payments: The Art of Relay & Replay Attacks

Digital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October Frazier D. Evans

Security of NFC payments

Ch 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated

Relay Attacks on Secure Elementenabled

NFC Redux. Presenter: Nick von Dadelszen Date: 17 th November 2012 Company: Lateral Security (IT) Services Limited

Samsung Pay: Tokenized Numbers, Flaws and Issues

Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices

Let s Hack NFC. How does NFC work? How could we hack it? Where are the weaknesses? What are the security implications?

Practical Attack Scenarios on Secure Element-enabled Mobile Devices

Frequently Asked Questions

Mobile Security Fall 2014

COMPREHENSIVE LIST OF CASHLESS FAQs (GUESTS)

Attacks on NFC enabled phones and their countermeasures

ACR1255U-J1. Secure Bluetooth NFC Reader. User Manual V1.02. Subject to change without prior notice.

ETHERNITY DECENTRALIZED CLOUD COMPUTING

QUICK REFERENCE GUIDE

ACS MobileMate (for Android)

Samsung Pay: Tokenized Numbers, Flaws and Issues

3 Citi Wallet Service - FAQ. 1) Get Started Q1. How can I become a 3 Citi Wallet user?

Online & Mobile Banking Pilot

Introduction Features... Installation

Jrsys Mobile Banking Solutions

Using Near-Field Communication for Remote Identity Proofing

Attacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication)

How Mobile is Reshaping Payments

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

COMPGA12 1 TURN OVER

EMV Contactless Specifications for Payment Systems

10/02/2015. Introduction PROTOCOL EXAMPLES. e-passport. e-passports contain an RFID tag.

Navigate our app like a pro. How-to s, guides and more. Certified by J.D. Power* for providing An Outstanding Mobile Banking Experience.

Online Mobile Swipe Training

Multifunctional Identifiers ESMART Access

- Lessons Learnt in Asia. Dr. Jack C. Pan Watchdata Technologies

DIGITAL TECHNOLOGY An Evolution in the Payment Landscape. AMEX Digital Solutions

NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit

NIS Platform Working Group 3 Individuals Digital Rights and Capabilities. Dr. Gisela Meister April

RFID tags. Inductive coupling is used for. energy transfer to card transmission of clock signal data transfer

RFID DEFCON 26 Vinnie Vanhoecke Lorenzo Bernardi

Adversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov

ANZ FASTPAY USER GUIDE

~150. #1 or #2 27M + $2.1B 35% ~5,300. Verifone Today: Facts And Figures. Active Countries. In Most Markets. Systems Installed. Revenue From Services

Will Mobile Phones Replace Cards?

AN Over-the-Air top-up with MIFARE DESFire EV2 and MIFARE Plus EV1. Document information

ACR3901U-S1. Secure Bluetooth Contact Card Reader. User Manual V1.01. Subject to change without prior notice.

WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake

WELCOME TO PM PAY GETTING STARTED

HCE security implications. Analyzing the security aspects of HCE

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

NEAR FIELD COMMUNICATION - THE FUTURE TECHNOLOGY FOR AN INTERACTIVE WORLD

The COMPLETE GUIDE NFC VERSION 1.0 PUBLISHED 09/13/18

TOP RISK CONCERNS MERCHANT DATA BREACHES. Presented by Ann Davidson, VP of Risk Consulting at Allied Solutions

Square Credit Card Reader Customer Service Phone Number

Notes on NFC ticket design on MIFARE Ultralight C (updated ) Tuomas Aura. Application is a data structure

SECURITY TRENDS & VULNERABILITIES REVIEW FINANCIAL SYSTEMS

DEFCON 26 - Playing with RFID. by Vanhoecke Vinnie

MOBILE WALLET TECHNOLOGIES: GLOBAL MARKETS. IFT070A April Priyanka Patel Project Analyst ISBN:

Applying recent secure element relay attack scenarios to the real world: Google Wallet Relay Attack

VirtualSwindle: An Automated Attack Against In-App Billing on Android

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

BML MobilePay FAQ. Page 1

Ensimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto

Corey Benninger Max Sobell

Hacking challenge: steal a car!

Near Field Communication Security

Session 2: Understanding the payment ecosystem and the issues Visa Europe

Apple Pay FREQUENTLY ASKED QUESTIONS

User Guide. Accept EFTPOS, Visa and Mastercard payments on the go with Kiwibank QuickPay.

Threat Modeling against Payment systems

Software Card Emulation in NFC-enabled Mobile Phones: Great Advantage or Security Nightmare?

Online Services USER GUIDE. First Time Log In

Leveraging the full potential of NFC to reinvent physical access control. Friday seminar,

GLOBAL MOBILE PAYMENT METHODS: FIRST HALF 2016

Use Wallet on your iphone or ipod touch

Webinar Tokenization 101

We will divide the many telecom fraud schemes into three broad categories, based on who the fraudsters are targeting. These categories are:

Topics. Ensuring Security on Mobile Devices

WHITE PAPER. Bluetooth 4 LE: the only viable solution for next generation payments

Preface. Structure of the Book

Natural Security Alliance

Near Field Comunications

Introduction to Blockchain

9. E-Shop and Online Payment

MCB Lite FAQs What is MCB Lite? How do I apply for MCB Lite? Can I apply for MCB Lite without a valid CNIC?

Swipe Your Fingerprints! How Biometric Authentication Simplifies Payment, Access and Identity Fraud

Relay Attacks on Secure Element-enabled Mobile Devices?

Whitepaper Rcoin Global

Payment systems. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014

Bluetooth mobile solutions APPLICATION NOTE / FAQ. Page 1 on 24

All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems

State of US Mobile Payments (NFC)

User Guide. Accept EFTPOS, Visa and Mastercard payments on the go with Kiwibank QuickPay.

ANZ Mobile Pay Terms and Conditions and Licence Agreement for Android Devices

Credit Card/-i PIN & PAY - Frequently Asked Questions

MObIlE MOnEy PhoTo by istock

CompTIA Continuing Education (CE) User Guide

SECURING CORPORATE ASSETS WITH TWO FACTOR AUTHENTICATION

Instruction Manual. CT-4 High-Current Transformer

User Guide Mobile Point-of-Sale (mpos), Version 2.0

ADVANCED ATTACKS AGAINST MOBILE/IOT DEVICES

Transcription:

1 NFC Payments: The Art of Relay & Replay Attacks Salvador Mendoza August 14, 2018

2 Disclaimer This white paper is a shortened version of the actual research. Unfortunately, some techniques and exploitation bugs are not fixed yet. It is inadequate to release them without the proper fix from the vendors. However, some bug cases are already closed such as Google Pay. So it is completely detailed.

3 Content Introduction.....4 Replay attacks...5 Google Pay Tokens.6 The Issue........7 Relay Attacks......9 APDU on Radio.......10 References.........12

4 Introduction In the last few years, digital payment methods have had an incredible adoption rate in consumer devices around the world. Many big companies are adding NFC(Near Field Communication) support to all sorts of devices to allow consumers to make monetary transactions. Some of these companies are protecting themselves by implementing tokenization as part of the payment technology. However, it is well documented that it is possible to bypass these technologies using simple mechanisms. With all these changes in the NFC ecosystem, the information security field is not well prepared to protect against the increasing new attacks in this area. Relay and replay attacks are becoming more common in the payment industry. Getting more complex and sophisticated day by day. We are not just seeing simple skimming techniques but complex attack vectors that are a combination of technologies and implementations involving SDR(Software-Defined Radio), NFC, APDU(Application Protocol Data Unit), hardware emulation design, specialized software, tokenization protocols and social engineering. In this talk, we will discuss what these attacks are, or what kind of hardware or software could be implemented. Also we will talk about how anyone already has the hardware necessary to carry out one of these attacks or for $35 dollars someone can create a device to do so. Adding that we will show real scenarios where these technologies combined with RFID(Radio Frequency Identification) emulation could exploit any type of NFC transaction. But even worse, how the same attack methods could exploit new NFC implementations for years to come. This talk uses exploitation hardware and demos; the presentation will include SDR communication, RFID emulation, APDU communication, extraction of data from physical and digital cards.

5 Replay Attacks Replay attack is a technique where a malicious user could implement a device to intercept a NFC transaction and redeem it later, using other device or even in different location. Google Pay is the new version of Android Pay. This application implements cloud-validated cryptograms to make NFC transactions. On March, I found an important issue in the application which could be exploitable for malicious users to intercept and make fraudulent transactions. The applied solution of the vendor, in this case, Google Pay, was that my report has been closed without providing a fix. Vulnerability NFC(Near Field Communication) protocol is the technology that Google Pay integrated to make digital payments. By default, the protocol has different layers of security to avoid or protect its customers against replay or downgrade attacks. However, the actual implementation of Google Pay does not apply this countermeasure. When a person wants to make a NFC transaction with Google Pay, an attacker could intercept the NFC transaction. The malicious user can manipulate the intercepted transaction in different location and with different hardware as well. So, that intercepted transaction could be saved and replay it later with another device to make a payment, spending the money from the original Google Pay customer.

6 Google Pay Tokens Each Google Pay transaction is unique. Meaning that every token id is unique as well. If a transaction is not completed in a real PoS or terminal, the token id will keep increasing anyway. Example of a token incremental: Token 1: 12 34 56 78 12 34 56 78 D2 40 32 01 48 54 00 00 03 71 6F Token 2: 12 34 56 78 12 34 56 78 D2 40 32 01 48 54 00 00 04 14 1F Important: If a token is not used in a real transaction, that token could be used later because it is not expired or disposed which means a malicious user could implement it with another device such as NFCopy. Personal NFCopy Project The AIP The Application Interchange Profile(82) is in charge to state which level of security the NFC transaction will be implemented to validate a transaction. Basically, the AIP is a tag in the APDU communication which tells the PoS what kind of security the mobile device supports in NFC transaction. This type of information is generated in the communication process between Google Pay and the PoS using APDUs.

7 The Issue If an attacker intercepts a Google Pay transaction, he/she could be able to use a third-party application such as SwipeYours from Google Play store to generate a mag-stripe mode transaction. This Android app will generate a mag-stripe transaction(visa MSD) by changing the AIP values in the NFC connection with the minimum level of security. Because the intercepted Google Pay token implements a cloud-validated cryptogram and the EMV system accepts this type of data, the transaction can go through using this mechanism. Hardware How difficult is to design and make a tool that intercepted a Google Pay transaction and replay it? A malicious user can program an Arduino and a PN532 board to read the transaction and then emulate it in the terminal. The cost of this device is less than 10 dollars. Damage Range This issue in the payment network might affect different NFC wallets from different banks if they are applying the Intended Behavior methodology, and even worse, this could affect different countries as well. Proof of Concept In this PoC, I am running a Raspberry Pi Zero W with an Acr122u NFC reader which also works as emulator to behave as smart card after a Google Pay token is intercepted. NFCopy tool: https://salmg.net/2018/03/17/nfcopy-project/ Demo: https://www.youtube.com/watch?v=pomydepfie0

8 Timeline: 2018 03 17: Discovered 2018 04 10: Retest in different PoS 2018 04 21: Google Pay team notified 2018 04 21: Google received my bug report 2018 04 23: Bug accepted Assigned Priority: 1 Severity: 2 2018 04 26: Google feedback, bug not qualified for reward 2018 07 06: Google feedback, Won t Fix (Intended Behavior) 2018 07 24: Public report

9 Relay Attack The relay attack is a technique where a malicious user implements a man in the middle attack. The attacker(apduer) is capable to intercept, manipulate and change the transaction in real time to take advantage of it. In the left side, we have a device with NFC technology, capable to make digital transactions. In the right side, we have a PoS(Point of Sale System) with NFC technology as well. The APDUer could design an exclusive communication channel implementing SDR(Software-defined radio) instead of WiFi to avoid interruptions, lag or delays. EMV states that a NFC transaction has to be completed in 500ms, but the terminal is not restricted to finished the transaction if it takes longer. So this flexibility could be abused with many variable factors; the most important is the difficulty to design a time bounding protocol to protect this. Transceiver: CC1101 For this research, I used the CC1101 radio transmitter. It is cheap, small and easy to use with different devices like Arduino or Raspberry Pi.

10 The price of this device is between 4 and 6 dollars in different online stores. It also handles different frequencies and modulations: Frequencies(MHz): 315 433 868 915 Modulations: GFSK(Default) MSK OOK The main idea of using a transceiver is to avoid any delays in the communication and to make it as faster as possible. In this graph, we noticed two devices, one close to the PoS and the second close to the mobile device or smart card. Making a real-time connection requires time and the CC1101 has some limitations: it can only transmit 60 bytes per packet. This means that if we have a 200 APDU command, we should cut it in different chunks:

11 For Proof of Concept, I designed the Centinelas project: Hardware Raspberry Pi ZERO-LiPO Acr122 USB NFC Reader LiPo 3.7v 500mAh ZERO-LiPO CC1101 Transceiver The library implemented is https://github.com/spaceteddy/cc1101 The actual code to make the relay attack is not public, and it will not be until the vendors could have a countermeasure. Demo: https://www.youtube.com/watch?v=zk-eijwd14a

12 References Peter Fillmore: https://www.blackhat.com/docs/us-15/materials/us-15-fillmore-crash-pay-how-to-own -And-Clone-Contactless-Payment-Devices-wp.pdf Adam Laurie: https://github.com/adamlaurie/rfidiot Michael Roland: https://www.usenix.org/system/files/conference/woot13/woot13-roland.pdf

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback