HARDWARE HACKING VILLAGE - NFC Payments: The Art of Relay & Replay Attacks

Video in TIB AV-Portal: HARDWARE HACKING VILLAGE - NFC Payments: The Art of Relay & Replay Attacks

Formal Metadata

HARDWARE HACKING VILLAGE - NFC Payments: The Art of Relay & Replay Attacks
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Hello, thank you for being here today. We're going to start; we're going to talk about NFC payments: the art of relay and replay attacks. Who am I? I am a security researcher, a freelancer, working in California. I presented here at DEF CON about three years ago about Samsung Pay, and also last year I presented about mag-stripe information with Bluetooth audio. This is my third time at DEF CON in a row. I am also co-founder of Women in Tech Fund, which basically is a foundation to help women come to conferences on security and technology.
The key of this talk is that we can move a transaction from one place to another, and we are going to research how we can implement replay attacks and relays using this technology, and of course using open source tools to do that. In this case I'm using a Samsung device to move one transaction from one device, in this case a Samsung device acting as POS, using Samsung Pay technology.

A little about the content of this talk: it is about an intro to NFC; we're going to talk about the EMV flow process and also the attack vectors of this technology; we are going to talk about the previous work from Peter Fillmore and Mr. Roland; also about NFC emulation, which is one of the keys of these attacks; replay attacks, in this case using Google Pay cloud; relay attacks for any kind of device implementing HCE or a secure element, like Apple Pay; also how we can extract chip data implementing NFC; a new attack that I call relay for replay, which I also call a small relay attack; and how this could affect new technology to come.
Basically, NFC technology is like this: you can have two devices that need to be close to each other to make a transaction or a communication between them; we're talking about 10 centimeters, but that doesn't mean that we can't amplify this signal to communicate with devices at a larger range. It sits in the high frequency part of the RFID spectrum, basically implementing passive technology. One of the characteristics of NFC technology in payment systems is that it implements 13.56 MHz in passive mode, which basically means it needs another device to boot up the endpoint; in this case it could be the cell phone or a smart card, a credit card. It is widely implemented; basically many devices implement NFC, and it uses ISO 14443. In this particular case we are going to talk about bank systems.

One of the main questions that many people ask is how this process starts. Basically, when you approach a terminal to make a payment, the terminal starts the transaction, not the smart card or the device like Apple Pay or Samsung Pay; always the terminal starts the communication with the devices. For example, this is a transaction implementing the Fitbit smartwatch. Basically you have to keep in mind how this works: it's like you are in the shell, you type a command and the system responds back; it could be a right answer or a wrong answer, but basically that's the way it works, with commands. We can make a transaction; basically this is how NFC works. We're going to get into details about these transactions in a few slides.

A little bit about the EMV flow, how this transaction works: the POS detects the card, the smart card sends the applications, select application, get data, get processing options; also they manage risk, some actions from the card and from the POS simultaneously, and after that they complete the transaction. A completed transaction doesn't mean a successful transaction; it could be a declined transaction, but the transaction has to be finished one way or another.
A little bit about the tokenization process. Basically the tokenization process is how you convert a physical card to a virtual credit card. This process basically is, when you're making a payment with Samsung Pay, let's say, every time you make any purchase the system is generating a new card. This is to avoid fraud attacks; for example, if someone is able to intercept my token, he can use it just one time but not more times. The idea of this tokenization process is to add security to the physical cards: instead of using the physical card numbers we are using scrambled data, let's say. How the tokenization process works: basically when you use your cell phone to make a payment, it could be Apple Pay or Samsung Pay, whatever, the terminal detects a token and it sends this token to the payment network, and we have another party working there, which basically is the token service provider, which relates the token with the physical card number. After that the transaction is sent out to the bank, and it accepts or declines the transaction.

So, the technologies around NFC: basically we have the secure element for Apple Pay and Samsung Pay, and host card emulation for Google Pay, the new version of Android Pay. Some of the characteristics of this technology: the secure element has been implemented for more than 20 years, it has its own encryption and storage, I mean you have the cryptograms inside the device so you can validate the transactions. On the host card emulation side we have limited use keys, the tokenization process, cloud cryptograms and transaction risk analysis; this is like the Google Pay technology. Basically when you add your card to Google Pay it downloads four or five tokens to your device and you can use these tokens to make payments; after you finish this pile of tokens it downloads more tokens so you can use them.
Then the attack vectors. The motivation for this attack is that you have low limits in high earner countries: basically in the United States it's 50 dollars; if you move these 50 dollars to another country, it is converted to a different value, and another country could require additional cardholder verification, which basically means that above 50 you need a PIN or a signature or anything like that. Also, from their perspective the products consider this an acceptable risk, and the main thing is that NFC is implemented in many IoT devices. The attack is the one we noticed a few years ago: in 2015 one guy was in the Metro, on the subway, using a POS basically to get close to people and try to get NFC transactions, making offline transactions, and after that he could validate them using online transactions.

The previous work about NFC: basically Mr. Roland presented a replay attack on MasterCard in 2013, where he said if you set the unpredictable number to zero you can, let's say, guess what is going to be the CVC, and in four transactions three of them went through, so it was a very good attack. And in 2015 Peter Fillmore presented at Black Hat about how you can turn the MasterCard into a Visa: instead of using all the security in the NFC transaction you can reduce it to the magstripe level, which basically you can use against the Visa card. Also, the previous work at DEF CON, Man in the NFC: the guys from Asia presented two boards which basically were a client and a server, which you can implement to make a relay attack using SDR technology; basically it's a specific channel to make this relay attack. Some of the limitations: it was a private prototype and it has a special design.
Let's talk a little bit about NFC emulation. NFC emulation is where you can have an NFC reader that behaves like a smart card or like an NFC tag. Basically NFC has three modes, which are reader/writer, peer-to-peer communication and emulation mode, and you can change the configuration of the reader to do different things. So the art of this part is how we can put an NFC reader in emulation mode; in this case it is an ACR122. Basically you can initialize this NFC reader as a target by implementing some native commands or APDU commands; you can see all these commands in the datasheet of this reader. But thanks to Adam Olivier, who created a library in which basically you have all the commands for this reader, you can put it right away into emulation mode; also he has a Python script to emulate something, just for testing. So having this idea,
how can we make a replay attack? A replay attack basically is how we can capture a transaction from a device to the POS, the point-of-sale system or the terminal, and we can intercept a token; intercepting a token is like I can have the transaction and replay it later, probably two or three hours later in a different location. So I reported a bug to Google Pay; I discovered a bug that you can make replays in Google Pay this year, and I basically reported it and the answer I got was that it couldn't be fixed because it is intended behavior of the payment system. Basically the flexibility that we have in the system is what leads to the vulnerabilities that we can find in different devices.

So for example, in this case I'm going to make a replay attack. I have this Google Pay device and I have a Square device with which I'm going to validate the transaction. This one is a PocketCHIP in which I have an ACR122, which basically is going to be our reader; initially, to read a transaction from Google Pay, I'm going to capture the token, and after that I'm going to put the same reader in emulation mode, so I'm going to emulate a transaction using the Square, in this case an mPOS, to make a transaction for 1.01, and the transaction goes through. Basically, in this type of attack I'm using, I get the transaction and I basically convert it to magnetic stripe data, a transaction that lowers the levels of security of the NFC. It could be with different kinds of devices; this example was a PocketCHIP, but it could be an Arduino, it could be a Raspberry Pi or any other device. In this case it's a Raspberry Pi implementing a PN532 chip, which basically is very cheap, around fifteen dollars. But the device I made is called NFCopy: basically a Raspberry Pi Zero, an ACR122, a LiPo of 3.7 volts and a booster which basically moves 3.8 volts to 5 volts. Some of the characteristics of this attack are that all these devices are portable, you have reader and emulator simultaneously, you have Wi-Fi connectivity, and of course it's customizable.

So let's try to make a replay demo. Basically in this case, sorry, I have a Google Pay and I'm going to use a transaction but in a different terminal, in this case a grocery machine. I'm going to capture the token from Google Pay with the same technique: intercepting the transaction, lowering the security level of the transaction, and I make a payment at a terminal. This transaction goes through because we are implementing, I can say, a cryptogram that is already validated before, which basically is going to go through the transaction. I call it a valid cryptogram. Let's
talk a little bit about relay attacks. A relay attack is when you have a man in the middle and you have two nodes: you clearly need two devices, one close to the NFC device and another one close to the mPOS or POS or terminal which is going to make a transaction, at the same time that the other person is making it. If we talk about the distance between the two devices, we can increase the distance implementing SDR, for example, or Wi-Fi connectivity, but many people start using SDR because you have a specific channel to make a relay attack. Some of the inconveniences of these attacks are that you have delays and timeouts: the EMV protocol specifies that you need to make a transaction in less than 500 milliseconds, but that's not enforced; the terminal waits to finish the transaction even if it takes longer, which basically means I can make transactions in 4.5 seconds without any problem. That means if I'm making a relay, it could take two or three seconds to make a transaction and it's going to go through.
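The timing gap described above (a 500 ms figure in the specification versus terminals that tolerate several seconds) is the defender's lever against relays. The following added example is not code from the talk or the speaker's tools: it runs a per-command timing check over an APDU exchange log, with both sessions and the log format constructed for this example, so that the difference between a direct tap and a relayed one is visible even when the whole transaction still finishes inside the 4.5 s window the talk says terminals accept.

```python
"""
Added example, not code from the talk: a terminal-side timing check over
an APDU exchange log. Both sessions and the log format are constructed;
the 0.5 s limit is the figure the talk says the protocol specifies and
the 4.5 s figure is what the talk says a terminal tolerates in practice.
"""
import re

SPEC_MAX_RTT = 0.5          # per-command round trip the talk cites as the spec limit
OBSERVED_TOLERANCE = 4.5    # whole-transaction time the talk says terminals still accept

LOG_LINE = re.compile(r"^t=(?P<t>\d+\.\d+)\s+(?P<dir>[CR])-APDU\s+(?P<hex>[0-9A-Fa-f]+)$")


def parse_session(lines):
    """Pair each C-APDU with the following R-APDU.
    Returns ([(command_header_hex, rtt_seconds), ...], total_seconds)."""
    pending = None
    first = last = None
    rtts = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue                       # ignore anything that is not an APDU line
        t = float(m["t"])
        first = t if first is None else first
        last = t
        if m["dir"] == "C":
            pending = (m["hex"][:8].upper(), t)
        elif pending is not None:
            rtts.append((pending[0], round(t - pending[1], 3)))
            pending = None
    total = round(last - first, 3) if first is not None else 0.0
    return rtts, total


def assess(lines, max_rtt=SPEC_MAX_RTT):
    """Flag a session whose slowest command/response pair exceeds max_rtt."""
    rtts, total = parse_session(lines)
    if not rtts:
        return {"verdict": "NO_DATA", "worst_rtt": 0.0, "total": total}
    worst = max(rtt for _, rtt in rtts)
    return {
        "verdict": "OK" if worst <= max_rtt else "SUSPECT_RELAY",
        "worst_rtt": worst,
        "total": total,
        # would a terminal that only bounds the whole transaction have let it through?
        "passes_lenient_terminal": total <= OBSERVED_TOLERANCE,
    }


# Constructed logs. Command headers are standard EMV contactless commands
# (SELECT PPSE, SELECT AID, GET PROCESSING OPTIONS, READ RECORD, GENERATE AC);
# responses are abbreviated to their status words.
DIRECT_TAP = [
    "t=0.000 C-APDU 00A404000E325041592E5359532E444446303100",
    "t=0.021 R-APDU 9000",
    "t=0.030 C-APDU 00A4040007A000000003101000",
    "t=0.048 R-APDU 9000",
    "t=0.055 C-APDU 80A8000002830000",
    "t=0.079 R-APDU 9000",
    "t=0.085 C-APDU 00B2010C00",
    "t=0.101 R-APDU 9000",
    "t=0.110 C-APDU 80AE5000",
    "t=0.140 R-APDU 9000",
]

RELAYED = [  # same flow, each exchange carrying a radio hop in both directions
    "t=0.000 C-APDU 00A404000E325041592E5359532E444446303100",
    "t=0.730 R-APDU 9000",
    "t=0.740 C-APDU 00A4040007A000000003101000",
    "t=1.510 R-APDU 9000",
    "t=1.520 C-APDU 80A8000002830000",
    "t=2.260 R-APDU 9000",
    "t=2.270 C-APDU 00B2010C00",
    "t=2.990 R-APDU 9000",
    "t=3.000 C-APDU 80AE5000",
    "t=3.810 R-APDU 9000",
]

if __name__ == "__main__":
    for name, session in (("direct", DIRECT_TAP), ("relayed", RELAYED)):
        print(name, assess(session))
```

The relayed session finishes in 3.81 s, inside the 4.5 s the talk reports terminals tolerate, so a whole-transaction bound alone would accept it; the per-command worst case of 0.81 s is what gives it away. The thresholds are the talk's figures, not measured values, and the talk's own countermeasures discussion notes that legitimate devices also add delay, so a deployment would calibrate max_rtt against real card and phone populations rather than treating one slow exchange as proof of relay.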
For this I made a prototype called Sentinels, which basically is the same kind of device I use for NFCopy, but I added an SDR transceiver, which is a CC1101. The CC1101 basically is a cheap device, five dollars; anyway, it has different frequencies, different modulations. I'm not using that one because it's powerful, I'm using it because it's cheap, so you can try it at home. The configuration to connect it to the Raspberry Pi is very straightforward; it is using the SPI protocol, but we noticed that we have many cables, so we made it smaller so you can test it and play with it. Another inconvenience in the library of this CC1101 is that you can only send 60 bytes in each packet, so for example if we have a common APDU of 200 bytes we need to make chunks of it; we are in time, waiting, timeouts, in this kind of attack, but because of the EMV flexibility we can make a relay attack. So basically the characteristics of this project are that we have two readers and two emulators simultaneously, Wi-Fi connectivity, customizable, cheap, and we have SDR support, which is the CC1101.

So the demo of this attack: basically I'm using this device as an mPOS, as the terminal, and I'm going to make a relay attack. You are going to see what is the other device that I'm getting this data from, which basically is a smart card from Visa. Sorry, it's kind of framing a little bit, but you see it was a very quick transaction implemented over the air; in less than one second you can have all the data, and we are talking about around 15 meters of distance. So basically here is the other device, and the smart card is under it. Another type of attack I want
to talk about is how to extract data from chip and PIN cards using NFC. If we think about it, we have two different interfaces, we have contact and contactless, but they share the same APDU layer, which basically means you can send commands from one technology to the other and they are going to respond; it could be a wrong answer or a right answer, but they are going to respond. It's like when you are making a SQL injection and you get these kinds of errors and you know that something is there; it's the same thing with APDUs. For this project I changed the reader: instead of using the ACR122 I'm using a USB smart card reader, and I changed the protocol: instead of using a block-by-block protocol I'm using a byte-by-byte protocol. So let's play a demo to show you how this works. Basically it's a relay attack; in this case we have the card connected to the USB, we have the SDR connection to this device, and this device, the Samsung device, is going to act as POS or terminal. So I'm going to run it; the mPOS is going to start sending NFC commands and you can see it is storing the chip and PIN card data, which could be useful to extract, let's say there are certificates, but also data like the name of the card, which is user 2, and things like that.

So let's talk a little bit about relay for replay attacks. Basically, relay for replay attacks is how we can make small relays. If we talk about secure elements, which is one of the most secure technologies, the main point about these technologies is that you cannot make a replay attack. Why? Because basically when you intercept a transaction it has a cryptogram, which basically is a challenge that the terminal sends to the device, and the device has to answer it correctly at the same time. So in this particular case I'm using a Fitbit Ionic; I'm going to talk a little bit more about this. In this part, the red tag, which basically is the cryptogram section, and the blue one, which basically is the application transaction counter, are the only two things that are changing in each transaction with the secure element. So the question here is: if I intercept a transaction, and when the terminal sends me the challenge I answer with a captured transaction, it is going to be a different cryptogram, it is not going to be the right cryptogram, so the transaction is going to be declined. But what happens if we intercept the transaction and we make a relay just using the cryptogram and application transaction counter? So instead of making a relay with hundreds of bytes we just need 20 bytes, which basically are the cryptogram and application transaction counter. So let's say I capture a transaction from someone using a secure element and I put it in one of the devices. Let's say they have computer one, and I'm computer two; when the POS asks me for the PPSE, computer one is going to answer with the previously saved transaction, and when I get the challenge, computer one is going to send the challenge to computer two, and computer two to the smart device, and it's going to get it straightforward with a cryptogram and transmit it back to the POS. So in this case I'm using the previously saved data to save time making the relay attack, which basically improves it, like, in three seconds: instead of, let's say, 3.5 seconds, I can do it in 1.5 using this technique for the secure element.

So basically I captured a Fitbit smartwatch; I already have a previously saved transaction, probably you can see it in the back there, which showed the videos, and I'm able to run it using the secure element with this tool. When I run it, instead of sending all the data back and forth, I'm just waiting to get the cryptogram and application transaction counter, and the transaction is approved, because the only things that change in the transaction are the cryptogram and application transaction counter. So if after all of these relay and replay attacks you think that you can make it better, probably you can use something like this, which is more interesting: over Twitter you get the person's transaction accepted. So,
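The two passages above on single-use tokens and on the cryptogram (tag 9F26) and application transaction counter (tag 9F36) being the only fields that change per transaction describe what an issuer has to work with when telling a genuine response from a replayed capture. The following added example is not code from the talk or the speaker's tools: it parses EMV BER-TLV response data and applies an issuer-side check that declines a response whose ATC does not advance or whose cryptogram was already accepted for that token. The two tag numbers are standard EMV; the token ids, cryptogram values and response records are constructed for the example.

```python
"""
Added example, not code from the talk or the speaker's tools: a minimal
BER-TLV parser for EMV response data plus an issuer-side replay check.
Tags 9F26 (Application Cryptogram) and 9F36 (Application Transaction
Counter) are standard EMV tags; the token ids, cryptogram values and
response records below are constructed for this example.
"""
from dataclasses import dataclass, field


def parse_tlv(data: bytes) -> dict:
    """Decode BER-TLV into {tag_hex: value}. Constructed tags (bit 0x20 of
    the first tag byte) are descended into so nested EMV templates such as
    77 or 70 yield their primitive children."""
    out = {}
    i = 0
    while i < len(data):
        start = i
        first = data[i]
        i += 1
        if first & 0x1F == 0x1F:          # multi-byte tag: continue while bit 8 set
            while data[i] & 0x80:
                i += 1
            i += 1
        tag = data[start:i].hex().upper()
        length = data[i]
        i += 1
        if length & 0x80:                 # long form: low 7 bits = number of length bytes
            n = length & 0x7F
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError(f"truncated TLV at tag {tag}")
        value = data[i:i + length]
        i += length
        if first & 0x20:
            out.update(parse_tlv(value))
        else:
            out[tag] = value
    return out


def build_response(atc: int, cryptogram: bytes) -> bytes:
    """Construct a Format 2 GENERATE AC style response: 77 { 9F36 ATC, 9F26 AC }."""
    body = (bytes.fromhex("9F3602") + atc.to_bytes(2, "big")
            + bytes.fromhex("9F2608") + cryptogram)
    return bytes([0x77, len(body)]) + body


@dataclass
class IssuerReplayCheck:
    """Per token, remember the highest ATC accepted and every cryptogram
    accepted. A replayed response carries an ATC that does not advance and
    a cryptogram already seen, so it is declined before any MAC check."""
    last_atc: dict = field(default_factory=dict)
    seen_ac: dict = field(default_factory=dict)

    def authorize(self, token: str, response: bytes) -> str:
        tlv = parse_tlv(response)
        ac, atc_raw = tlv.get("9F26"), tlv.get("9F36")
        if ac is None or atc_raw is None or len(ac) != 8 or len(atc_raw) != 2:
            return "DECLINE: missing or malformed cryptogram/ATC"
        atc = int.from_bytes(atc_raw, "big")
        if atc <= self.last_atc.get(token, -1):
            return "DECLINE: ATC did not increase (replay)"
        if ac in self.seen_ac.setdefault(token, set()):
            return "DECLINE: cryptogram already used (replay)"
        self.last_atc[token] = atc
        self.seen_ac[token].add(ac)
        return "APPROVE"


def demo():
    """A captured response is accepted once and declined when replayed;
    the card's next genuine response (ATC advanced) is accepted again."""
    issuer = IssuerReplayCheck()
    captured = build_response(0x0041, bytes.fromhex("A1B2C3D4E5F60718"))   # constructed
    first = issuer.authorize("token-01", captured)
    replayed = issuer.authorize("token-01", captured)
    next_genuine = issuer.authorize(
        "token-01", build_response(0x0042, bytes.fromhex("0011223344556677")))
    return first, replayed, next_genuine


if __name__ == "__main__":
    print(demo())
```

This check catches the pure replay cases in the talk (a captured Google Pay token or "valid cryptogram" presented again hours later) because the replayed data carries an ATC the issuer has already seen. It does not catch the relay-for-replay variant, where the live cryptogram and ATC still come from the real watch and therefore advance normally; that case is the reason the talk falls back to timing and distance-bounding style countermeasures on the terminal side.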
about new technology: we have new cars implementing NFC, basically to get into the car, and some of the boards I am implementing use NFC. How could this affect this new technology to come? If they are not going to use, let's say, in this case, encryption in the communication, we're going to have problems with relays and replay attacks. This is the protocol of the board I implemented with the NCF3320; basically they are in some cars already, so I don't have, I think, the chance to test it, but I would love to do it. So, new attack vectors: we can make a relay with a new technology like LoRa; it's cheap and very useful. In this particular case I have a smart card, I'm using another device, this Samsung, behaving as mPOS, and I could get the data from the card. Basically, using this technology with LoRa you can get kilometers of distance in some cases, depending on how it's set up.

Also let's talk a little bit
about how you can use NFC in web browsers, which is something that nobody talks about. Many people start trying to work with the ACR122, trying to connect it to the computer and trying to use a library in their browsers, but they have many problems communicating with it. I found that there is an experimental web project from Chrome where you can use USB, and they have a specific library to do that, and in this library they have support for Arduinos already. So what about, instead of connecting the NFC reader directly, we connect the NFC reader to an Arduino and we communicate with the Arduino, and the Arduino communicates with the NFC reader? So basically it's a very straightforward technology: you can basically have a terminal in the web browser and communicate with the NFC reader to put it in emulation mode, peer-to-peer communication or whatever. So in this case we're going to emulate an NFC transaction using a web browser; I'm going to run a script using Chrome and I can get a transaction very quickly. So this is a new type of attack that you can use in different web browsers, in this case the Chrome web browser.

Some of the protocols
that probably could be implemented to prevent this type of attack: distance bounding protocols, which is very difficult because you need to know the timing exactly when a transaction is happening, and it's very difficult; you have many different applications open already at the same time you're making a transaction, the transaction can be really delayed, so it's very, very difficult to do it. Also we need, basically, a new update of EMV in the United States and the whole American continent, but the problem is the cost, because basically if you make an update of EMV you need to replace all the hardware for all the stores, which basically is very difficult, very expensive.

So some of the conclusions of this talk: an attacker doesn't need specialized, sophisticated hardware or software to make fraudulent transactions; a mobile phone can be used simply as a sniffer; also you can use a replay to make a transaction, and this is the flexibility that we have in the system. If the companies keep designing these products without proper protections against the new technology that is coming, they are going to be affected for many years. Do you have any questions?

[Audience question, inaudible.] It doesn't matter which card; it could be any kind of card, Visa, MasterCard, whatever. I'm using Wells Fargo because it's the only one I have in my hand; I needed to try it so you can see it, you can use any. Any questions? Thank you, thank you for being here. [Applause]