Software-Based Relay Attacks on Existing Applications

  • Michael RolandEmail author
Part of the T-Labs Series in Telecommunication Services book series (TLABS)


This chapter provides an analysis of Google Wallet and shows how the software-based relay attack scenario can been applied to it.


  1. 1.
    Drake, J.J., Oliva Fora, P., Lanier, Z., Mulliner, C., Ridley, S.A., Wicherski, G.: Android Hacker’s Handbook. Wiley, New York (2014)Google Scholar
  2. 2.
    EMVCo: EMV Contactless Specifications for Payment Systems—Book B: Entry Point Specification. Version 2.1 (2011)Google Scholar
  3. 3.
    Francis, L., Hancke, G.P., Mayes, K.E., Markantonakis, K.: Practical relay attack on contactless transactions by using NFC mobile phones. Cryptology ePrint Archive, Report 2011/618. (2011)
  4. 4.
    GlobalPlatform: Card Specification. Version 2.2.1 (2011)Google Scholar
  5. 5.
    Google: Android developer—Google Play developer help—developer registration. (2014). Accessed Dec 2014
  6. 6.
    Google: Google—application security—hall of fame—honorable mention. (2014). Accessed Dec 2014
  7. 7.
    Google: Google Wallet. (2012). Accessed Sept 2012
  8. 8.
    Google: Google Wallet—how it works—in-store. (2012). Accessed Sept 2012
  9. 9.
    Höbarth, S.: Android monkeys—get it, malware it, market it. Presentation at Hacking Night WS 2011. Hagenberg, Austria (2012)Google Scholar
  10. 10.
    Höbarth, S., Mayrhofer, R.: A framework for on-device privilege escalation exploit execution on Android. In: 3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. San Francisco, CA, USA. (2011)
  11. 11.
    Mostowski, W., Pan, J., Akkiraju, S., de Vink, E., Poll, E., den Hartog, J.: A comparison of Java Cards: state-of-affairs 2006. CS-Report CSR 07–06, Technische Universiteit Eindhoven (2007)Google Scholar
  12. 12.
    Planck, S.: Google Wallet statistics roundup. NFC rumors. (2011)
  13. 13.
    Roland, M.: Google Wallet relay attack.
  14. 14.
    Roland, M.: Google Wallet relay attack (low quality).
  15. 15.
    Roland, M.: Applying recent secure element relay attack scenarios to the real world: Google Wallet relay attack. Comput. Res. Repository (CoRR), arXiv:1209.0875 (cs.CR) (2012).
  16. 16.
    Roland, M.: Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare? In: 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. Newcastle, UK. (2012)
  17. 17.
    Roland, M., Langer, J., Scharinger, J.: Applying relay attacks to Google Wallet. In: Proceedings of the Fifth International Workshop on Near Field Communication (NFC 2013). IEEE, Zurich, Switzerland (2013). doi: 10.1109/NFC.2013.6482441
  18. 18.
    Rubin, J.: Google wallet PIN vulnerability, post #5 on 9 Feb 2012 12:45 AM by J. Rubin (alias “miasma”). Thread on XDA Developers forum. (2012). Accessed Sept 2012
  19. 19.
    Rubin, J.: Google Wallet security: about that rooted device requirement... zveloBLOG. (2012)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.School of Informatics/Communications/MediaUniversity of Applied Sciences Upper AustriaHagenbergAustria

Personalised recommendations