Recent roll-outs of contactless payment infrastruc-tures – particularly in Austria and Germany – have raised concerns about the security of contactless payment cards and Near Field Communication (NFC). There are well-known attack scenarios like relay attacks and skimming of credit card numbers. However , banks and credit card schemes often mitigate these… (More)
This work is part of the project " High Speed RFID " within the EU program " Regionale Wettbewerbsfähigkeit OÖ 2007–2013 (Regio 13) " funded by the European regional development fund (ERDF) and the Province of Upper Austria (Land Oberösterreich).
This report explains recent developments in relay attacks on contactless smartcards and secure elements. It further reveals how these relay attacks can be applied to the Google Wallet. Finally, it gives an overview of the components and results of a successful attempt to relay an EMV Mag-Stripe transaction between a Google Wallet device and an external card… (More)
Near Field Communication's card emulation mode is a way to combine smartcards with a mobile phone. Relay attack scenarios are well-known for contactless smartcards. In the past, relay attacks have only been considered for the case, where an attacker has physical proximity to an NFC-enabled mobile phone. However, a mobile phone introduces a significantly… (More)
Insufficient security and privacy on mobile devices have made it difficult to utilize sensitive systems like mobile banking, mobile credit cards, mobile ticketing or mobile passports. Solving these challenges in security and privacy, could result in better mobility and a higher level of confidence for the end-user services in such systems. Our approach for… (More)
This report gives an overview of secure element integration into Android devices. It focuses on the Open Mobile API as an open interface to access secure elements from Android applications. The overall architecture of the Open Mobile API is described and current Android devices are analyzed with regard to the availability of this API. Moreover, this report… (More)
This report summarizes the results of our evaluation of antennas of contactless and dual interface smartcards and our ideas for user-switchable NFC antennas. We show how to disassemble smart-cards with contactless capabilities in order to obtain the bare chip module and the bare antenna wire. We examine the design of various smartcard antennas and present… (More)
With the increasing popularity of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing, or mobile digital identities, challenges for the protection of personal and security sensitive data of these use cases emerged. A common approach for the protection of sensitive data is to use additional… (More)