``Potential Misuse of NFC Enabled Mobile Phones with Embedded ...

“Potential Misuse of NFC Enabled Mobile Phones
with Embedded Security Elements as Contactless
Attack Platforms”, RISC (ICITST) 2009.
Lishoy Francis, Gerhard Hancke, Keith Mayes and Konstantinos
Markantonakis
The Information Security Group Smart Card Centre,
Information Security Group,
Royal Holloway University of London,
Egham TW20 0EX, Surrey, United Kingdom.
10 November 2009 09:00

..
◮ Part I: Overview of NFC Enabled Mobile Phones.
◮ Part II: Proposed Security Attacks.
◮ Part III: Proposed Security Countermeasures.
◮ Part IV: Conclusions.

Part I
Part I
Overview of NFC Enabled Mobile Phones

Part I
.
Overview of NFC Enabled Mobile Phones
Objective:
To investigate the potential misuse of NFC (Near Field Communications)
enabled mobile phones with embedded Security Element (SE).
◮ NFC is a short range and standardised (ISO 18092) wireless
communications technology (adds contactless functionality to mobile
devices, e.g. mobile phones and PDAs).
◮ NFC enabled mobile phone can act both as a “contactless card” and
a “contactless reader” (supports ISO 14443, ISO 15693, FeliCa and
Mifare Standard).
◮ NFC finds applications in ticketing, banking, access control, etc and
is tipped to be the next ’click’.
◮ Three architectures currently exist, SE as embedded hardware
module; SE functionality integrated into the Subscriber Identity
Application module such as (U)SIM; SE as removable memory
component (Secure MMC, Secure SD).

Part I
.
A functional view of the NFC enabled Mobile Phone
showing relevant APIs and operational modes

Part I
.
Security of NFC
Secure Element (SE):
◮ controls the NFC based transactions,
establishes the trust between service
provider and the mobile phone.
◮ designed to provide a secure platform for
containing sensitive applications and key
material.
◮ The SE supports Java Card 2.2.1 (Java
Card Open Platform), Global Platform
2.1.1 & Mifare Standard emulation.
◮ The mobile phone vendor allows SE
“unlocking”, which sets the
authentication keyset to a known public
value.

Part I
.
Security of NFC
Related Contactless Security Attacks:
◮ Contactless token skimmers and emulators currently exist, but a
NFC phone platform offers distinct advantages in that it is a small,
mobile device and more importantly that is has an acceptable form
factor, i.e. it does not physically look like a skimmer or an emulator.
◮ Heydt-Benjamin et.al. 2007 (skimming, replay and relaying on
payment systems).
◮ E-passport clones (Steve Boggan article in Times, August, 2008).
◮ Designs for hardware emulators for ISO 14443 tokens (Carluccio
et.al., R. Verdult, 2006); & hardware skimmers, available for
purchase (OpenPCD.org; HF RFID Demo Tag, IAIK, Graz).
◮ We demonstrate how a NFC mobile phone can be configured as a
contactless reader which may be used as a contactless skimming
tool, and how the attacker can use the gathered information to
create a “clone” by emulating a token.

Part I
.
NFC Enabled Mobile Phone as a Contactless Card & as a
Contactless Reader
NFC Enabled Mobile Phone as a Contactless Card:
◮ The SE supports Java Card 2.2.1 (Java Card Open Platform),
Global Platform 2.1.1 & Mifare Standard emulation.
◮ The mobile phone vendor allows SE “unlocking”, which sets the
authentication keyset to a known public value.
◮ SE communicates with the NFC controller, the external reader
device and the applications installed on the mobile phone through
well defined, and standardised, interfaces.
NFC Enabled Mobile Phone as a Contactless Reader:
◮ Nokia 6131 supports S40 platform, providing J2ME layer for MIDP
(Mobile Information Device Profile) 2.0 applications (MIDlets).
◮ Contactless reader mode uses JSR 257 API to communicate with
any external SE and if needed uses SATSA (JSR 177) API to
communicate with the internal SE.
◮ JSR 257 API Extensions allow NFC enabled mobile devices to
communicate in P2P mode.

Part II
Part II
Proposed Security Attacks

Part II
Proposed Security Attacks
NFC Enabled Mobile Phone as an Attack Platform
Practical Proof of Concept for the Proposed Attacks:
◮ Transaction Data Capture & Analysis.
◮
◮
Captured RF (Radio Frequency) communication between a
contactless card and a legacy contactless reader in our test system.
The test system is based on a ‘static authentication’ system.
◮ Developing the “Clone”.
◮
◮
◮
By default, the SE on 6131 is locked with the Issuer keyset.
Unlockable, the unlocking process sets the authentication keyset to a
known public values (keyset-42).
Java Card Applets which emulated the test application were loaded
and installed on the unlocked SE.
◮ Developing the Mobile Pick Pocketing Tool.
◮
◮
A MIDP (Mobile Information Device Profile) 2.0 application
(MIDlet) running on the mobile phone which reads (skims) the
contactless card.
No code signing was required to use the contactless APIs.

Part II
Proposed Security Attacks
NFC Enabled Mobile Phone as an Attack Platform
a) Custom-built Sniffer & Card
Emulator.
b) Skimming & Cloning using NFC
Mobile Phone.

Part III
Part III
Proposed Security Countermeasures

Part III
Proposed Security Countermeasures
Security Countermeasures
◮ Timing, RF Shielding may not work.
◮ Control measures on the NFC Secure Element (SE).
◮ Making code signing mandatory for NFC communications API.
◮ Securing the NFC Secure Element activity.
◮ Cryptographically linking the application to Unique Identifiers.
◮ Application Protocol with strong cryptography (for e.g. dynamic
authentication).

Part IV
Part IV
Conclusions

Part IV
Conclusions
Conclusions
◮ NFC enabled Mobile Phones are found to be easily configured as
Cloning, Skimming Platforms.
◮ Legitimate form-factor of mobile phone arouse less suspicion in the
public.
◮ Easily and freely available development tools.
◮ More security controls needed on the Secure Element.
◮ If not secured, the Secure Element (SE) embedded in certain NFC
mobile phones could become a platform for malicious software.
◮ In conclusion, our findings indicate that the embedded SE with the
existing security controls and the available contactless APIs could be
exploited to configure the mobile phone as a contactless attack
platform.