Cyber Security And Digital Forensics

8757 Words36 Pages
Virtual Pickpocketing with NFC Malware Third Year Group Project Joseph Trimble, Eric Barnes, David Maddocks Submitted in part fulfilment for the degree of B.Sc. (Hons) in Cyber Security & Digital Forensics School of Informatics and Engineering, Institute of Technology Blanchardstown, Dublin, Ireland 18 May 2016 Declaration I hereby certify that this material, which I now submit for assessment on the programme of study leading to the award of Degree of Honours B.Sc. in Cyber Security & Digital Forensics in the Institute of Technology Blanchardstown, is entirely my own work except where otherwise stated, and has not been submitted for assessment for an academic purpose at this or any other academic institution other than…show more content…
Once the information is retrieved from the contactless card we will then look at new attack vectors, a new idea is the concept of virtual pickpocketing. Virtual pickpocketing is a fairly new concept that explores the idea of an embedded piece of malware that constantly looks for NFC signals such as a contactless debit card. The malware itself is disguised as a legitimate application that is installed on the user?s phone, once the phone comes into contact with the contactless card, the cards details are scanned and the information is relayed to a command and control server. Once the information is stored on the command and control server the attacker can now use an application to retrieve the card details and use a mobile device as if it were a contactless card to make payment for goods and services. This project has found multiple vulnerabilities in contactless payment cards; the reasons for which are discussed. Table of Contents Introduction 5 1.1 Smartcards 5 1.2 Protocol Stack 5 1.3 ISO/IEC 7816-3 5 1.4 ISO/IEC 7816-4 6 1.5 Contact / Contactless Smartcards 7 1.6 ISO/IEC 14443-3 8 1.7 ISO/IEC 14443-4 8 1.8 Near Field Communication 8 1.9 NFC Forum 8 1.1.1 NFC Operating Modes 9 1.1.2 Peer-to-peer mode 9 1.1.3 Reader / writer mode 9 1.1.4 Card Emulation Mode 9 1.1.5 Card Emulation 10 1.1.6 Secure Element 10 1.1.7 Software Card Emulation 11 1.1.8 EMV 12 EMV Contactless
Open Document