Abstract
This chapter provides an analysis of Google Wallet and shows how the software-based relay attack scenario can been applied to it.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
Since host-based card emulation was introduced to Android, recent versions of the wallet can use a cloud-based secure element in combination with host-based card emulation instead of an on-device secure element.
- 4.
An installation with version 1.5-R79-v5 of the Google Wallet app and version 1.6 of the on-card component installed in September 2012 reports the second credit card AID as A000000004 1010 AA539648FFFF00FFFF.
- 5.
AIDs A000000004 1010 and A000000004 1010 AA539648FFFF00FFFF.
References
Drake, J.J., Oliva Fora, P., Lanier, Z., Mulliner, C., Ridley, S.A., Wicherski, G.: Android Hacker’s Handbook. Wiley, New York (2014)
EMVCo: EMV Contactless Specifications for Payment Systems—Book B: Entry Point Specification. Version 2.1 (2011)
Francis, L., Hancke, G.P., Mayes, K.E., Markantonakis, K.: Practical relay attack on contactless transactions by using NFC mobile phones. Cryptology ePrint Archive, Report 2011/618. http://eprint.iacr.org/2011/618 (2011)
GlobalPlatform: Card Specification. Version 2.2.1 (2011)
Google: Android developer—Google Play developer help—developer registration. https://support.google.com/googleplay/android-developer/answer/113468 (2014). Accessed Dec 2014
Google: Google—application security—hall of fame—honorable mention. http://www.google.com/about/appsecurity/hall-of-fame/distinction/ (2014). Accessed Dec 2014
Google: Google Wallet. https://www.google.com/wallet/ (2012). Accessed Sept 2012
Google: Google Wallet—how it works—in-store. http://www.google.com/wallet/how-it-works/in-store.html (2012). Accessed Sept 2012
Höbarth, S.: Android monkeys—get it, malware it, market it. Presentation at Hacking Night WS 2011. Hagenberg, Austria (2012)
Höbarth, S., Mayrhofer, R.: A framework for on-device privilege escalation exploit execution on Android. In: 3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. San Francisco, CA, USA. http://www.medien.ifi.lmu.de/iwssi2011/papers/hoebarth-spmu2011.pdf (2011)
Mostowski, W., Pan, J., Akkiraju, S., de Vink, E., Poll, E., den Hartog, J.: A comparison of Java Cards: state-of-affairs 2006. CS-Report CSR 07–06, Technische Universiteit Eindhoven (2007)
Planck, S.: Google Wallet statistics roundup. NFC rumors. http://www.nfcrumors.com/05-27-2011/google-wallet-statistics-roundup/ (2011)
Roland, M.: Google Wallet relay attack. http://youtu.be/_R2JVPJzufg
Roland, M.: Google Wallet relay attack (low quality). http://youtu.be/hx5nbkDy6tc
Roland, M.: Applying recent secure element relay attack scenarios to the real world: Google Wallet relay attack. Comput. Res. Repository (CoRR), arXiv:1209.0875 (cs.CR) (2012). http://arxiv.org/abs/1209.0875
Roland, M.: Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare? In: 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. Newcastle, UK. http://www.medien.ifi.lmu.de/iwssi2012/papers/iwssi-spmu2012-roland.pdf (2012)
Roland, M., Langer, J., Scharinger, J.: Applying relay attacks to Google Wallet. In: Proceedings of the Fifth International Workshop on Near Field Communication (NFC 2013). IEEE, Zurich, Switzerland (2013). doi:10.1109/NFC.2013.6482441
Rubin, J.: Google wallet PIN vulnerability, post #5 on 9 Feb 2012 12:45 AM by J. Rubin (alias “miasma”). Thread on XDA Developers forum. http://forum.xda-developers.com/showpost.php?p=22327658&postcount=5 (2012). Accessed Sept 2012
Rubin, J.: Google Wallet security: about that rooted device requirement... zveloBLOG. https://zvelo.com/blog/entry/google-wallet-security-about-that-rooted-device-requirement (2012)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Roland, M. (2015). Software-Based Relay Attacks on Existing Applications. In: Security Issues in Mobile NFC Devices. T-Labs Series in Telecommunication Services. Springer, Cham. https://doi.org/10.1007/978-3-319-15488-6_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-15488-6_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15487-9
Online ISBN: 978-3-319-15488-6
eBook Packages: EngineeringEngineering (R0)