On the security issues of NFC enabled mobile phones. (7th December 2010)
- Record Type:
- Journal Article
- Title:
- On the security issues of NFC enabled mobile phones. (7th December 2010)
- Main Title:
- On the security issues of NFC enabled mobile phones
- Authors:
- Francis, Lishoy
Hancke, Gerhard
Mayes, Keith
Markantonakis, Konstantinos - Abstract:
- In this paper, we investigate the possibility that a Near Field Communication (NFC) enabled mobile phone, with an embedded secure element (SE), could be used as a mobile token cloning and skimming platform. We show how an attacker could use an NFC mobile phone as such an attack platform by exploiting the existing security controls of the embedded SE and the available contactless APIs. To illustrate the feasibility of these actions, we also show how to practically skim and emulate certain tokens typically used in payment and access control applications with a NFC mobile phone. We also discuss how to capture and analyse legitimate transaction information from contactless systems. Although such attacks can also be implemented on other contactless platforms, such as custom-built card emulators and modified readers, the NFC enabled mobile phone has a legitimate form factor, which would be accepted by merchants and arouse less suspicion in public. Finally, we propose several security countermeasures for NFC phones that could prevent such misuse.
- Is Part Of:
- International journal of internet technology and secured transactions. Volume 2:Number 3/4(2010)
- Journal:
- International journal of internet technology and secured transactions
- Issue:
- Volume 2:Number 3/4(2010)
- Issue Display:
- Volume 2, Issue 3/4 (2010)
- Year:
- 2010
- Volume:
- 2
- Issue:
- 3/4
- Issue Sort Value:
- 2010-0002-NaN-0000
- Page Start:
- 336
- Page End:
- 356
- Publication Date:
- 2010-12-07
- Subjects:
- near field communication -- NFC mobile phones -- security threats -- skimming attacks -- cloning attacks -- secure elements -- security countermeasures -- cell phones
Internet -- Security measures -- Periodicals
Computer security -- Periodicals
Information systems management -- Security measures -- Periodicals
Computer networks -- Security measures -- Periodicals
Information technology -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.inderscience.com/jhome.php?jcode=ijitst ↗
http://www.inderscience.com/ ↗ - Languages:
- English
- ISSNs:
- 1748-569X
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 8719.xml