Near Field Communications
Security Concerns and NFCProxy
Shane Turner
Master of Science in Information Security
68-595 Information Security Practicum
Lewis University
April 22, 2013
NFC Security - Introduction
Near Field Communication (NFC)
• NFC is a short range wireless technology that allows communications to take place between devices that either touch or are momentarily held close together.
• Frequency 13.56 MHz
• Subset of RFID
• Range – usually less than 4 cm
• Narrow Bandwidth (106 to 424 kbit/s)
• Patented in 1983, ISO 14443 and ISO 7816
• First phone to use NFC – Nokia 6131
• Nokia, Sony and Philips formed the NFC Forum
NFC Security – How is NFC Used?
Uses for NFC Technology
• Digital Wallet (i.e. Google Wallet)
• Expect NFC smartphones to account for about 50 percent of the phone marketplace by 2014 [source: Popular Science]
• Info Tags or Smart Tags
• A system called Personal Rosetta Stone that lets cemetery visitors pull information from chip-laden headstones to read the life stories and obituaries of the deceased [source: Rosetta Stone].
• Movie posters embedded with NFC chips will be able to link the user to the movie trailer or coupons that could be used at the theater.
• Gentags
• Diagnostic skin tags that are affixed directly to the patient. These tags can monitor temperature, glucose levels or ultraviolet light exposure and then send pertinent health information directly to a smartphone.
NFC Security – How is NFC Used?
Uses for NFC Technology
• NFC in your Car
• Car companies are using NFC technology for proximity sensors that allow you to unlock your car
• Push button start in cars as long as your NFC device is in the car.
• Hotels
• NFC chips are embedded into devices that will unlock the door to your hotel room.
• At Work
• NFC devices used as access control devices allowing or disallowing access into secure areas.
NFC Security – How is NFC Used?
Uses for NFC Technology
• Virtual press kits and business cards (http://www.tapmy.biz/)
• Smartphones
• Information points such as posters
• Speakers, Headphones, various music players
• Cameras
• TV
• Appliances
• Computers
• Smart Meters for Utilities Companies
• Digital bubble gum machine
• Heart Monitor
• Wii U
• Public Transportation
NFC Security – Advantages of NFC
What are the Advantages of NFC?
• Augmented Shopping Experience
• Many Tech Companies are getting on board
• Other companies – McDonalds, Toys-R-Us, CVS, Home Depot, Radio Shack, Office Max, Walgreens, Sports Authority and many other retailers
• Quick and Easy access
• Improved Customer Service
• Real Time Updates
• Versatility
• Safety
NFC Security – Risks
What are the Security Risks of NFC?
• Sensitive Financial Data
• Data confidentiality
• Eavesdropping
• Data Corruption
• Viruses
• Man-in-the-middle
• Lack of Education
• Theft
NFC Security – NFCProxy Demonstration
NFCProxy Demonstration
NFC Security – NFCProxy
What is NFCProxy?
• Proof of Concept Tool for Pentesters
• Demonstrates insecurities in near field communication and contactless credit cards.
• Demonstrated by Eddie Lee @ Defcon 20 (Security Researcher @ BlackWing Intelligence)
• Software developed by Igor Miladinovic.
• Useful in NFC protocol analysis for further NFC security research.
• Project was to create a pentest tool that could analyze RFID protocols and proxy transactions using Android phones.
• Proxy transactions, Save transactions, Export transactions, PCD relay and Tag relay
NFC Security – NFCProxy Architecture
Architecture
[Figure: architecture diagram with panels labelled "NFCProxy" and "Normal"]
List of Acronyms
• APDU – Application Protocol Data Unit
• NFC – Near Field Communications
• PCD – Proximity Coupling Device
• POS – Point of Sale
NFC Security – NFCProxy Hardware
NFCProxy Hardware
• A Proximity Coupling Device (PCD) such as one made by ViVOpay
• Two Android smartphones with NFC capabilities, for example Galaxy S3, Nexus S or Galaxy Nexus.
• A contactless credit card.
NFC Security – NFCProxy Software
NFCProxy Software
• NFCProxy, which can be found at sourceforge.net
• CyanogenMod – custom ROM found at cyanogenmod.org
• Must be installed on smartphone used for Proxy Mode
• Android version 2.3 (Gingerbread) or newer running on the smartphones.
NFC Security – NFCProxy Setup
NFCProxy Setup
• Must have a Wi-Fi connection to transport data.
• Download and install NFCProxy Software to both smartphones.
• Configure Wi-Fi Connection between phones.
• Have PCD unit powered on.
NFC Security – NFCProxy - Proxy Mode
Proxy Mode
• Set up the smartphone (not running Cyanogen) in Relay mode near the credit card you want to use for a transaction.
• Go to the other smartphone that is running the Cyanogen custom ROM and ensure NFCProxy is running in Proxy mode.
• Relay mode opens up a network socket and waits for a network connection from the other device running NFCProxy in proxy mode.
• With the Relay Mode smartphone, place it near the contactless credit card until NFCProxy displays the credit card information on the screen.
• Now send the information to the smartphone running in Proxy Mode.
• With the smartphone running in Proxy Mode, swipe the phone in front of the PCD and you should hear an alert and see a green light upon a successful transaction.
NFC Security – NFCProxy Credit Card Data
Credit Card Data
[Figures: "Credit Card Data" and "Successful Transaction" screenshots]
NFC Security – NFCProxy - Proxy Mode
[Figure: Proxy Mode diagram. Labels: NFC, NFC, WiFi (IP), APDU, APDU, "Set to REPLAY Mode", "Set to PROXY Mode"]
NFC Security – NFCProxy – Relay Mode
Relay Mode
• Use smartphone running Cyanogen ROM
• Open NFCProxy and set it in Replay mode.
• Scan RFID credit card and acquire the information on card.
• Long click on the credit card information on the screen and then select the “REPLAY TAG” option at the top of the phone
• You should then see a letter “T” at the top of the screen.
• Place the smartphone in front of the credit card reader.
• Credit card reader should light up and beep if there is a successful transaction.
NFC Security – NFCProxy - Relay Mode
[Figure: Relay Mode diagram. Labels: NFC, NFC, APDU, APDU, "Set to Relay Mode", "Walk to PCD"]
NFC Security – NFCProxy Discussion
Discussion / Lessons Learned
• Both phones must be rooted
• Need correct tools to complete this process
• Install correct version of CyanogenMod
• Most current version is now working
• Point of Sale devices like the PCD units are easy to acquire
• Able to acquire on eBay (ViVOpay 4000 & ViVOpay 4500)
• Local Wi-Fi connections are easy to set up; a long distance connection needs some advanced networking skills (VPN knowledge)
• Acquiring an RFID credit card.
• Visa - PayPass
• Built-in security from credit card companies
• If the card is scanned out of sequence, the card will be deactivated.
NFC Security – Vulnerabilities in Detail
Vulnerabilities
• Credit Card skimming using NFCProxy
• Identity Theft
• Financial ruin
• Malware
• Known malware programs
• End of July 2012 – 5,000
• End of September 2012 - 51,500
• End of 2012 - 283,000
• Scanning of malicious NFC tags
• Can transfer your data if compromised
• 25% or 25,000,000 Android Devices are infected
NFC Security – Vulnerabilities in Detail
Vulnerabilities Continued
• Google Apps
• 75% of malware-infected apps downloaded from Google Play [McAfee Mobile Security]
• One-in-six chance of downloading a risky app
• ¼ of these apps contain both malware and a suspicious URL capable of
• Click fraud
• Phishing schemes
• McAfee Labs found that 40% of malware misbehaved in a complex way
• Hard to detect
• Take advantage of specific technology (NFC)
NFC Security – Mitigating NFC Security Risks
Mitigations
• Needs to be a team effort – Proactive not Reactive
• NFC Forum Members
• Consumers
• Application Developers
• Manufacturers
• Turn NFC off
• Do not use RFID credit cards
• Virus Protection on Smartphone
• Use trusted / certified apps only
NFC Security – Questions
Questions?
NFC Security – Other Resources
Other NFC Resources Worth Mention
• NFC Videos
• NFC Proxy Demo - http://www.youtube.com/watch?v=w_vYuLyfw3E
• Defcon 20 video, NFC Hacking: The Easy Way - http://www.youtube.com/watch?v=7ElZBI9PufY
• NFC Proxy – University of Texas at Austin - UT ComSoc - http://www.youtube.com/watch?v=Yjfc60LGjik
• Shmoocon 2012: Credit Card Fraud: The Contactless Generation Application Developers - http://www.youtube.com/watch?v=HRXb-FZ6WFM
• How NFC phones can steal your credit card info - http://www.youtube.com/watch?v=EKks3vfiy6Q
Thank You