Title :
Vulnerability Analysis and Attacks on NFC-Enabled Mobile Phones
Author :
Mulliner, Collin
Abstract :
Near Field Communication (NFC)-enabled mobile phones and services are starting to appear in the field, yet no attempt was made to analyze the security of NFC-enabled mobile phones. The situation is critical because NFC is mostly used in the area of payment and ticketing. This paper presents our approach to security testing of NFC-enabled mobile phones. Our approach takes into account not only the NFC-subsystem but also software components that can be controlled through the NFC-interface. Through our testing approach, we were able to identify a number of previously unknown vulnerabilities, some of which can be exploited for spoofing of tag content, an NFC-based worm, and for denial-of-service attacks. We further show that our findings can be applied to real world NFC-services.
Keywords :
invasive software; mobile computing; object-oriented programming; telecommunication security; NFC-based worm; NFC-enabled mobile phone; denial-of-service attack; near field communication; security testing; software component; tag content spoofing; vulnerability analysis; Availability; Computer crime; Information analysis; Information security; Information technology; Large-scale systems; Mobile communication; Mobile handsets; Smart cards; Testing; Fuzzing; Mobile Phones; NFC; Phishing; Spoofing; Vulnerability Analysis;
Conference_Titel :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.46
