This presentation was made possible by the awesome research of• Charlie Miller (Twitter sec team, Accuvant)• Verdult & Kooman (Radboud University, SURFnet)• Eddie Lee (Blackwing Intelligence)
What is NFC?• Set of communication protocols based on RFID (Basically all of the RFID standards plus P2P instructions)• Runs in the frequency of 13.56Mhz• Range is usually less than 4cm• Narrow bandwidth (106, 212, 424 Kbits/s)
Active Vs. Passive• Active, P2P – Both devices generates their own fields• Passive (backwards compatible mode) – Initiating device generates carrier fields – Target device modulates existing field
Android Beam marketing buzz• This is one of the most admired features of the android 4.0 ice cream sandwich update!• The users can now share music, docs, videos, and photos just in a single tap!• No need to pair the devices before exchanging the data, the new ICS had made it absolutely trouble-free!
Nokia N9 Bluetooth pairing• Absolutely trouble free• Pair devices without user interaction• No need for PIN/Pwd• Does not have “Confirm sharing and connecting” enabled• Bluetooth doesn´t even have to be turned on. It will be switched on for you
Eddie Lee’s NFC proxy• Android app to skim RFID credit cards• Using the app an attacker can steal CC number, expiration date and CVV code• Replay this info to a RFID enabled POS device
Links• NFC Proxy (Tool and Source) http://sourceforge.net/p/nfcproxy/• Charlie Miller - NFC Attack Surface http://ia600505.us.archive.org/30/items/Defcon20Slides/D EFCON-20-Miller-NFC-Attack-Surface.pdf• Verdult & Kooman – Practical attacks http://www.cs.ru.nl/~rverdult/Practical_attacks_on_NFC_e nabled_cell_phones-NFC_2011.pdf• Eddie Lee – NFC Hacking The Easy Way http://www.blackwinghq.com/assets/labs/presentations/E ddieLeeDefcon20.pdf