Summary and Outlook

  • Michael RolandEmail author
Part of the T-Labs Series in Telecommunication Services book series (TLABS)


This work assessed the current state of Near Field Communication (NFC) security with regard to a range of specific application scenarios. Based on exemplary use-cases from the area of improving efficiency in automotive environments, application-specific security requirements have been identified. Two aspects of NFC—tagging and card emulation—have been found to be particularly important. Both aspects have been evaluated with regard to the efficiency of existing security architectures. Weaknesses of the existing security measures and new attack scenarios have been identified for both, tagging and secure element based card emulation. Countermeasures and solutions to overcome these unresolved security issues have been outlined.


  1. 1.
    Benninger, C., Sobell, M.: Intro to Near Field Communication (NFC) mobile security. Presentation at ShmooCon 2012. Washington, DC, USA. (2012)
  2. 2.
    Die Presse: Linzer Forscher löst Sicherheitsproblem für Google. (2012)
  3. 3.
    Google: Google—Application Security—Hall of Fame—Honorable Mention. (2014). Accessed Dec 2014
  4. 4.
    Habringer, A.: Drei Buchstaben beherrschen seine Welt. Oberösterreichische Nachrichten.,996318 (2012)
  5. 5.
    Korak, T., Wilfinger, L.: Handling the NDEF signature record type in a secure manner. In: Proceedings of the IEEE International Conference on RFID-Technologies and Applications (RFID-TA 2012), pp. 107–112. IEEE, Nice, France (2012). doi: 10.1109/RFID-TA.2012.6404492
  6. 6.
    Miller, C.: Don’t Stand So Close To Me: An Analysis of the NFC Attack Surface. Briefing at BlackHat USA. Las Vegas, NV, USA (2012)Google Scholar
  7. 7.
    Mulliner, C.: Attacking NFC Mobile Phones. Talk at 25th Chaos Communication Congress. Berlin, Germany. (2008)
  8. 8.
    Mulliner, C.: Vulnerability analysis and attacks on NFC-enabled mobile phones. In: Proceedings of the International Conference on Availability, Reliability and Security (ARES ’09), pp. 695–700. IEEE, Fukuoka, Japan (2009). doi: 10.1109/ARES.2009.46
  9. 9.
    Mulliner, C.: Binary Instrumentation on Android. Talk at SummerCon. New York, NY, USA. (2012)
  10. 10.
    NFC Forum: Signature RTD Certificate Policy. Policy document, version 1.0 (2014)Google Scholar
  11. 11.
    ORF: Sicherheitslücke beim Bezahlen per Handy. (2012)
  12. 12.
    Pumhösel, A.: Googles Geldtasche gehackt. (2012)
  13. 13.
    Wimmer, B.: Österreicher deckt NFC-Lücke bei Google auf. Technology News. (2012)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.School of Informatics/Communications/MediaUniversity of Applied Sciences Upper AustriaHagenbergAustria

Personalised recommendations