Mobile Threat Catalogue

NFC Relay MiTM

Threat Category: Network Threats: NFC

ID: LPN-12

Threat Description: Man-in-the-middle attack carried out by relaying NFC packets.

Threat Origin

Implementation and Analysis of a Practical NFC Relay Attack Example [1]

Exploit Examples

Demo: NFCGate - An NFC Relay Application for Android [Extended Abstract] [2]

CVE Examples

Not Applicable

Possible Countermeasures

Mobile Device User

To prevent an attacker from launching a successful NFC relay attack, use mobile devices and NFC apps that require user authorization of the transaction prior to fulfilling requests communicated over NFC.

To reduce the opportunity for this attack, disable NFC or associated apps when that feature is not in use.

To reduce the number of potentially vulnerable applications running on the device, disable or uninstall any NFC apps that are no longer in use.

Enterprise

To prevent an attacker from launching a successful NFC relay attack, use mobile devices and NFC apps that require user authorization of the transaction prior to fulfilling requests communicated over NFC.

References

  1. Z. Wang et al., “Implementation and Analysis of a Practical NFC Relay Attack Example”, in Proceedings of the 2012 Second International Conference on Instrumentation, Measurement, Computer, Communication, and Control, 2012, pp. 143-146, https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6428872 [accessed 8/1/2022].

  2. M. Maass et al., “Demo: NFCGate - An NFC Relay Application for Android [Extended Abstract]”, presented at 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 26 June 2015, https://github.com/nfcgate/nfcgate [accessed 8/24/2016].