Analysis of NFC Attack Surface¶
| Date: | 2012-07-25 |
|---|---|
| Speakers: | Charlie Miller |
| Slides: | http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_Slides.pdf |
The Gist¶
- Fuzzing NFC stacks
- Potential attacks and demos
- Many Android phones have NFC. Not iPhone yet.
- He broke into a Google Nexus S and Nokia N9 using NFC!
Motivation¶
- NFC coming to a phone near you!
- “Server-side” attack vector
- Very hard to test NFC implementations
NFC Attack Surface¶
- New way to test NFC stacks
- Examples
- Google wallt PIN brute force
- parking meters
- bus passes, gym memberships
- URL spoofing, vending machines
NFC Basics¶
- Based on RFID (ISO 14443)
- 13.56 MHz (+/- 7kHz)
- Range: < 4cm
- Data rates: 106, 212, 424 kbps
- Typically on when phone screen is on (not when “asleep”)
- Modes: Passive, Active (P2P)