I understand that standard RFID cards are vulnerable to replay attacks; however, how do smart cards which are also contactless protect against replay attacks? Is this decided by the chip or by the company which validates the payment?
1 Answer
The most authoritative reference on EMV replay (i.e., transaction cloning) is Peter Fillmore's latest talk from Syscan 2015:
https://github.com/peterfillmore/Talk-Stuff/blob/master/Syscan2015/PeterFillmore_Syscan2015.pdf
Another great resource is Ricardo Rodriguez's talk from Rooted 2015:
http://www.slideshare.net/cgvwzq/on-relaying-nfc-payment-transactions-using-android-devices
which mentions the NFC Proxy talk from DEF CON 20 by Eddie Lee.
Of additional interest is Ricardo Rodriguez's whitepaper on EMV relay attacks,
and Ricardo Rodriguez's website.
Some additional validation of these attacks was provided during a HackFu competition by MWR InfoSec.
And finally, Michael Roland and Josef Langer write about the downgrade attacks against EMV, as well as the protections built into the protocol. As you can see, originally, the EMV contactless spec itself wanted to provide the protection (long before payment validation), but things don't always work out as planned.