nfc attacks
TRANSCRIPT
![Page 1: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/1.jpg)
NFC attacks
By Peter Swedinwww.omegapoint.us
![Page 2: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/2.jpg)
This presentation was made possible by the awesome research of
• Charlie Miller (Twitter sec team, Accuvant)• Verdult & Kooman (Radboud University,
SURFnet)• Eddie Lee (Blackwing Intelligence)
![Page 3: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/3.jpg)
What is NFC?
• Set of communication protocols based on RFID (Basically all of the RFID standards plus P2P instructions)
• Runs in the frequency of 13.56Mhz• Range is usually less than 4cm • Narrow bandwidth (106, 212, 424 Kbits/s)
![Page 4: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/4.jpg)
Active Vs. Passive
• Active, P2P– Both devices generates their own fields
• Passive (backwards compatible mode)– Initiating device generates carrier fields– Target device modulates existing field
![Page 5: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/5.jpg)
Many usages
![Page 6: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/6.jpg)
![Page 7: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/7.jpg)
Android
![Page 8: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/8.jpg)
Android Beam
![Page 9: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/9.jpg)
Android Beam marketing buzz
• This is one of the most admired features of the android 4.0 ice cream sandwich update!
• The users can now share music, docs, videos, and photos just in a single tap!
• No need to pair the devices before exchanging the data, the new ICS had made it absolutely trouble-free!
![Page 10: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/10.jpg)
![Page 11: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/11.jpg)
Absolutely trouble-free
![Page 12: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/12.jpg)
Smart poster
![Page 13: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/13.jpg)
Remote shell
![Page 14: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/14.jpg)
Bluetooth pairing(!)
![Page 15: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/15.jpg)
Use NFC to pair with a Bluetooth speaker
![Page 16: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/16.jpg)
Nokia N9 Bluetooth pairing
• Absolutely trouble free• Pair devices without user interaction• No need for PIN/Pwd• Does not have “Confirm sharing and
connecting” enabled • Bluetooth doesn´t even have to be turned on.
It will be switched on for you
![Page 17: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/17.jpg)
Eddie Lee’s NFC proxy
• Android app to skim RFID credit cards• Using the app an attacker can steal CC
number, expiration date and CVV code• Replay this info to a RFID enabled POS device
![Page 18: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/18.jpg)
NFC Proxy
![Page 19: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/19.jpg)
Links
• NFC Proxy (Tool and Source) http://sourceforge.net/p/nfcproxy/
• Charlie Miller - NFC Attack Surface http://ia600505.us.archive.org/30/items/Defcon20Slides/DEFCON-20-Miller-NFC-Attack-Surface.pdf
• Verdult & Kooman – Practical attacks http://www.cs.ru.nl/~rverdult/Practical_attacks_on_NFC_enabled_cell_phones-NFC_2011.pdf
• Eddie Lee – NFC Hacking The Easy Wayhttp://www.blackwinghq.com/assets/labs/presentations/EddieLeeDefcon20.pdf
![Page 20: NFC attacks](https://reader036.vdocuments.net/reader036/viewer/2022081504/55669e79d8b42a78708b54f8/html5/thumbnails/20.jpg)
The End
Peter at omegapoint dot us