A testbed for modeling and detecting attacks on NFC enabled mobile devices

Modern mobile computing devices have enabled a wide array of applications in commercial and government sectors. The integration of sensors and communication interfaces have paved the way for emerging applications and services. In particular, the integration of Near Field Communication (NFC) in smart phones and tablets has benefited payment and ticketing based services. These services typically process personal information stored on mobile devices which makes them an easy target for hackers to steal or modify data. Due to the recent attacks on mobile payment and payment systems, there is a need to investigate the attack vectors. In this paper, the design and development of an experimental testbed to evaluate approaches to model and detect threats to normal operation of payment systems is presented. The testbed comprised of three NFC enabled Android smart phones, an RFID credit card, NFC tags, a Frontier Comprobe Antenna, and associated software which were utilized to generate attack vectors and monitor operations. Results demonstrated that the testbed allowed successful evaluation of several attacks; the ghost and leech (relay), phishing and steganographic malware attacks.