[Resource Topic] 2005/052: Picking Virtual Pockets using Relay Attacks on Contactless Smartcard Systems

Welcome to the resource topic for 2005/052

Picking Virtual Pockets using Relay Attacks on Contactless Smartcard Systems

Authors: Ziv Kfir, Avishai Wool


A contactless smartcard is a smartcard that can communicate with other
devices without any physical connection, using Radio-Frequency
Identifier (RFID) technology. Contactless smartcards are becoming
increasingly popular, with applications like credit-cards,
national-ID, passports, physical access. The security of such
applications is clearly critical. A key feature of RFID-based systems
is their very short range: typical systems are designed to operate at
a range of ~10cm. In this study we show that contactless
smartcard technology is vulnerable to relay attacks: An attacker can
trick the reader into communicating with a victim smartcard that is
very far away. A low-tech'' attacker can build a pick-pocket system that can remotely use a victim contactless smartcard, without the victim's knowledge. The attack system consists of two devices, which we call the ghost’’ and the ``leech’'. We discuss basic designs for
the attacker’s equipment, and explore their possible operating
ranges. We show that the ghost can be up to 50m away from the card
reader—3 orders of magnitude higher than the nominal range. We also
show that the leech can be up to 50cm away from the the victim
card. The main characteristics of the attack are: orthogonality to any
security protocol, unlimited distance between the attacker and the
victim, and low cost of the attack system.

ePrint: https://eprint.iacr.org/2005/052

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .