Advertisement

Software-Based Relay Attacks on Existing Applications

  • Michael RolandEmail author
Chapter
Part of the T-Labs Series in Telecommunication Services book series (TLABS)

Abstract

This chapter provides an analysis of Google Wallet and shows how the software-based relay attack scenario can been applied to it.

References

  1. 1.
    Drake, J.J., Oliva Fora, P., Lanier, Z., Mulliner, C., Ridley, S.A., Wicherski, G.: Android Hacker’s Handbook. Wiley, New York (2014)Google Scholar
  2. 2.
    EMVCo: EMV Contactless Specifications for Payment Systems—Book B: Entry Point Specification. Version 2.1 (2011)Google Scholar
  3. 3.
    Francis, L., Hancke, G.P., Mayes, K.E., Markantonakis, K.: Practical relay attack on contactless transactions by using NFC mobile phones. Cryptology ePrint Archive, Report 2011/618. http://eprint.iacr.org/2011/618 (2011)
  4. 4.
    GlobalPlatform: Card Specification. Version 2.2.1 (2011)Google Scholar
  5. 5.
    Google: Android developer—Google Play developer help—developer registration. https://support.google.com/googleplay/android-developer/answer/113468 (2014). Accessed Dec 2014
  6. 6.
    Google: Google—application security—hall of fame—honorable mention. http://www.google.com/about/appsecurity/hall-of-fame/distinction/ (2014). Accessed Dec 2014
  7. 7.
    Google: Google Wallet. https://www.google.com/wallet/ (2012). Accessed Sept 2012
  8. 8.
    Google: Google Wallet—how it works—in-store. http://www.google.com/wallet/how-it-works/in-store.html (2012). Accessed Sept 2012
  9. 9.
    Höbarth, S.: Android monkeys—get it, malware it, market it. Presentation at Hacking Night WS 2011. Hagenberg, Austria (2012)Google Scholar
  10. 10.
    Höbarth, S., Mayrhofer, R.: A framework for on-device privilege escalation exploit execution on Android. In: 3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. San Francisco, CA, USA. http://www.medien.ifi.lmu.de/iwssi2011/papers/hoebarth-spmu2011.pdf (2011)
  11. 11.
    Mostowski, W., Pan, J., Akkiraju, S., de Vink, E., Poll, E., den Hartog, J.: A comparison of Java Cards: state-of-affairs 2006. CS-Report CSR 07–06, Technische Universiteit Eindhoven (2007)Google Scholar
  12. 12.
    Planck, S.: Google Wallet statistics roundup. NFC rumors. http://www.nfcrumors.com/05-27-2011/google-wallet-statistics-roundup/ (2011)
  13. 13.
    Roland, M.: Google Wallet relay attack. http://youtu.be/_R2JVPJzufg
  14. 14.
    Roland, M.: Google Wallet relay attack (low quality). http://youtu.be/hx5nbkDy6tc
  15. 15.
    Roland, M.: Applying recent secure element relay attack scenarios to the real world: Google Wallet relay attack. Comput. Res. Repository (CoRR), arXiv:1209.0875 (cs.CR) (2012). http://arxiv.org/abs/1209.0875
  16. 16.
    Roland, M.: Software card emulation in NFC-enabled mobile phones: great advantage or security nightmare? In: 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use. Newcastle, UK. http://www.medien.ifi.lmu.de/iwssi2012/papers/iwssi-spmu2012-roland.pdf (2012)
  17. 17.
    Roland, M., Langer, J., Scharinger, J.: Applying relay attacks to Google Wallet. In: Proceedings of the Fifth International Workshop on Near Field Communication (NFC 2013). IEEE, Zurich, Switzerland (2013). doi: 10.1109/NFC.2013.6482441
  18. 18.
    Rubin, J.: Google wallet PIN vulnerability, post #5 on 9 Feb 2012 12:45 AM by J. Rubin (alias “miasma”). Thread on XDA Developers forum. http://forum.xda-developers.com/showpost.php?p=22327658&postcount=5 (2012). Accessed Sept 2012
  19. 19.
    Rubin, J.: Google Wallet security: about that rooted device requirement... zveloBLOG. https://zvelo.com/blog/entry/google-wallet-security-about-that-rooted-device-requirement (2012)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.School of Informatics/Communications/MediaUniversity of Applied Sciences Upper AustriaHagenbergAustria

Personalised recommendations