1 research outputs found
NFCGate: Opening the Door for NFC Security Research with a Smartphone-Based Toolkit
Near-Field Communication (NFC) is being used in a variety of
security-critical applications, from access control to payment systems.
However, NFC protocol analysis typically requires expensive or conspicuous
dedicated hardware, or is severely limited on smartphones. In 2015, the NFCGate
proof of concept aimed at solving this issue by providing capabilities for NFC
analysis employing off-the-shelf Android smartphones.
In this paper, we present an extended and improved NFC toolkit based on the
functionally limited original open-source codebase. With in-flight traffic
analysis and modification, relay, and replay features this toolkit turns an
off-the-shelf smartphone into a powerful NFC research tool. To support the
development of countermeasures against relay attacks, we investigate the
latency incurred by NFCGate in different configurations.
Our newly implemented features and improvements enable the case study of an
award-winning, enterprise-level NFC lock from a well-known European lock
vendor, which would otherwise require dedicated hardware. The analysis of the
lock reveals several security issues, which were disclosed to the vendor.Comment: Accepted to Usenix WOOT'20. Source Code and binaries available at
https://github.com/nfcgate/nfcgat