
Software-Based Relay Attacks on Existing Applications

Security Issues in Mobile NFC Devices

Part of the book series: T-Labs Series in Telecommunication Services ((TLABS))

Abstract

This chapter provides an analysis of Google Wallet and shows how the software-based relay attack scenario can be applied to it.


Notes

  1. http://forum.xda-developers.com/showthread.php?t=1365360.

  2. https://play.google.com/store/apps/details?id=com.google.android.apps.walletnfcrel.

  3. Since host-based card emulation was introduced to Android, recent versions of the wallet can use a cloud-based secure element in combination with host-based card emulation instead of an on-device secure element.

  4. An installation with version 1.5-R79-v5 of the Google Wallet app and version 1.6 of the on-card component installed in September 2012 reports the second credit card AID as A000000004 1010 AA539648FFFF00FFFF.

  5. AIDs A000000004 1010 and A000000004 1010 AA539648FFFF00FFFF.


Author information


Correspondence to Michael Roland.

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Roland, M. (2015). Software-Based Relay Attacks on Existing Applications. In: Security Issues in Mobile NFC Devices. T-Labs Series in Telecommunication Services. Springer, Cham. https://doi.org/10.1007/978-3-319-15488-6_7

  • DOI: https://doi.org/10.1007/978-3-319-15488-6_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15487-9

  • Online ISBN: 978-3-319-15488-6

  • eBook Packages: Engineering, Engineering (R0)
