Give me your credit card, the NFC way

More than one month ago I gave a presentation about the NFC credit cards privacy at No cON Name (NcN), a well known Spanish security conference. It's not a new subject and, also, some researchers presented talks about it in other conferences during this year, but, until that moment, there were no proofs of concept with Spanish credit cards (at least public ones). You can take a look at the presentation here (Spanish).



As I have mentioned in some posts about this subject, NFC payments are a normal part of life in some Asiatic countries, like Japan. However, this technology has arrived this year to Spain and other European countries, supported by banks, mostly. The result is that a person could have an NFC credit card in his wallet without even knowing it. It wouldn't be a problem if data were correctly protected, but we can't assume anything in the security world and this is another proof of that.

NFC CreditCard Reader


Language: C

Publication date: 2012-12-21

Description: Program based on readnfccc (by Renaud Lifchitz) to read some private data from credit cards, like cardholder, Permanent Account Number (PAN), expiry date, etc., using NFC technology. It has been tested with Spanish contactless credit cards, but can also be used with other countries cards. Take a look at this post (Spanish) and this video.

Requirements: libnfc (and an NFC reader, of course!)

Download it!



After installing libnfc, just compile the code:

$ gcc nfc_creditcard_reader.c -lnfc -o nfc_creditcard_reader

Place an NFC credit card close to the reader and execute it:



Language: Python

Publication date: 2012-07-01

Description: Simple script to write any URI to an NFC tag. Using the 0x00 URI type we can write any type of URI in the tag, without thinking about it. Based on the (nfcpy) script. You can take a look at the different URIs defined by the specification here and other special URIs related to installed mobile applications.

Requirements: nfcpy

Download it!




Usage: uri


Checking if reading an NFC tag is that secure

As I mentioned in my last post about NFC, we can use NFC Forum tags to store and share information, normally used by marketing departments. This information must have a specific format called NDEF (NFC Data Exchange Format). Thanks to this format different NFC devices can share NDEF messages between them. Each of these messages can store several NDEF records containing different type of information like plain text, images, audio or video (media in general), URIs, etc. You can take a look at the NDEF specification to learn more about it.



Here I'm going to focus on the URI records and their possibilities to perform actions in NFC capable mobile phones when reading this type of tags. The URI specification says that these are the supported schemes:


URI Identifier Codes


How to setup your own NFC lab

NFC is a reality today. A lot of cities in the world want to add this technology to their daily life, using it for transport, payments, access systems and almost all we can think (in some countries, like Japan and Korea, NFC is used years ago). Even reading NFC tags can be used to perform certain actions in our mobile phones like put it in flight mode, synchronize data, etc.



NFC is based on the ISO/IEC 18092 standard, published at the end of 2003, and it's compatible with other standards like ISO/IEC 14443 A/B (RFID) and ISO/IEC 15693 (FeliCa - Sony). As probably you know, it's a short distance wireless technology (normally < 10cm), high frequency (13'56 MHz) and low speed (normally until 424 Kbps). Unlike RFID, NFC is capable to perform bidirectional communications, and the time to establish the communication is much lower than using Bluetooth.

The aim of this blog post is not explaining how NFC works but giving some advice to setup a lab and start playing with this technology. The first thing we need is a NFC reader/writer. After looking around the most used are the following:


Syndicate content