international journal of critical infrastructure protection 26 (2019) 100302

Available online at www.sciencedirect.com

journal homepage: www.elsevier.com/locate/IJCIP

“Internet of Smart Cards”: A pocket attacks

scenario

Luigi Sportiello1
European Commission, Joint Research Centre (JRC), Ispra, Italy

a r t i c l e i n f o a b s t r a c t

Article history: Smart cards are secure devices used to store people sensitive data and to regulate impor-
Received 18 October 2018 tant operations like identity proofs and payment transactions. For years people have been
Accepted 15 May 2019 used to contact smart cards but in the last decade we have seen the massive introduction
Available online 22 May 2019 of contactless smart cards. At the same time we have seen a growing number of mobile
phones equipped with a NFC interface in circulation, which are capable of interacting with
Keywords: contactless smart cards.
Contactless Smart Card Under different circumstances the user’s contactless cards and mobile phone are kept close
NFC together at a distance that should enable them to interact each other, for instance in pock-
Relay Attack ets and bags. We describe an architecture to attack the contactless cards of a user through
Smart Cards Botnet his NFC-equipped mobile phone. The user’s mobile phone, here defined as smart-mole, is
ePassport infected and connected to the NFC-equipped one of the attacker, the proxy. The victim’s
EMV Payment Card phone capabilities are exploited to run local attacks against a contactless card in its range,
for instance to recover the card PIN that is then sent back to the attacker. Subsequently the
attacker remotely uses the victim’s card through a relay attack putting his phone in front of
a reader and providing the PIN of the victim card when needed, basically impersonating the
cardholder. Infecting several phones an attacker could have under his control a large set of
cards, a sort of “Internet of Smart Cards”.

We show that surveying a decade of research and development in the contactless cards field
such attacks look feasible according the current social context and the level of technology.
We also discuss how they could be methodologically applied by an attacker to defeat the
different measures currently adopted to secure contactless cards.

© 2019 The Author. Published by Elsevier B.V.

This is an open access article under the CC BY license.
(http://creativecommons.org/licenses/by/4.0/)

ized with user-specific data stored in the chip. The card is then
1. Introduction presented to the system to be identified and to be granted the
relevant rights and operations. For years people have used the
Starting from the 80s people have got used to running differ-
so-called contact smart cards. They are featured by a visible
ent operations of their life through a smart card, a plastic sup-
chip on the card surface and have to be physically inserted
port with a chip embedded in it. In the context of a system
each user can be provided with a unique smart card personal-

E-mail address: luigi.sportiello@ec.europa.eu

1
This research did not receive any specific grant from funding agencies in the public, commercial, or not-for-profit sectors.

https://doi.org/10.1016/j.ijcip.2019.05.005
1874-5482/© 2019 The Author. Published by Elsevier B.V. This is an open access article under the CC BY license.
(http://creativecommons.org/licenses/by/4.0/)
2 international journal of critical infrastructure protection 26 (2019) 100302
Fig. 1 – Relay attack against a contactless smart card.
in a card reader incorporated in the system to be operated.
This allows to establish a physical contact between the sys-
tem and the pins of the chip, to power it and to start a commu-
nication between them. Such a gesture is become famous in
particular for the use of debit/credit cards in payment termi-
nals at the points of sale, where the card is used to authorize
payment transactions for the goods purchased by the relative
cardholder.
In the last decade we have seen the progressive introduc-
tion of contactless smart cards. For such a card the chip is con-
nected to a coil and both elements are completely immersed
in the card plastic support, making them invisible. The card
is operated placing it in the range of 0–10 cm from a reader
that emits a RF field. The field is used to power the chip by in-
duction through the coil and to communicate with it modulat-
ing commands and responses [1]. Such cards are also simply
known as contactless cards, or as RFID cards for their commu-
nication nature similar to that of RFID tags [5], or as NFC cards
for their capability to interact with devices equipped with a
Near Field Communication (NFC) interface [3].
Contactless cards are observing a growing interest in the
market as they enable fast and easy operations, given that the
card has to be just waved in proximity of the reader, in sev-
eral cases without even the need to pull it out of the wallet or
pocket. In addition, their contactless communication nature
eliminates the common wear and tear effect that affects con-
tact smart cards. Contactless cards are becoming more and
more widespread and used, among others, as tokens for ac-
cess control of protected facilities and environments, as elec-
tronic identity documents, as payment cards and as electronic
tickets.
Due to their over-the-air communication, contactless cards
are prone to security issues. In particular the messages ex-
changed between card and reader could be eavesdropped, or
the card content could be stealthily skimmed establishing
a contactless communication with its chip. If accessed, the
card content could be also used to create a card clone. As
countermeasures contactless card communications are typ-
ically encrypted and access control mechanisms are adopted
to access the chip content and its functionalities, for instance
requesting that the cardholder provides a code (e.g., PIN)
via the system the card is interacting with. To prevent the
card cloning challenge-response mechanisms are typically
adopted: the reader sends a random number that is combined
by the card with a secret cryptographic key, which is unique
for the card and securely stored in its memory, to generate a
response.
Nonetheless, even if attacks countermeasures are adopted,
a powerful solution could still be available to malicious guys
to attack contactless smart cards: relay attacks (Fig. 1). A relay
attack against a contactless card consists in deceiving a reader
into believing that it is in proximity of such a card when in fact
it is not. Two devices are needed, a proxy and a mole: the proxy
is nearby the reader while the mole has to be in proximity of
the victim card. The devices have to be equipped with a con-
tactless card compliant interface, respectively to interact with
the reader and with the card, and a communication channel
has to be established between them. The commands sent by
the reader are forwarded to the card through the proxy-mole
link and vice versa for the card responses. The attacker who
presents the proxy to the reader can pretend to be the card-
holder of the victim card enjoying the rights granted by such
a card.
The concept of relay attack was introduced in the “Grand-
master Chess Attack” scenario [6]. An attacker can win a chess
match against a grandmaster without even knowing the rules
of the game. The attacker starts an epistolary chess game
against two grandmasters, exchanging moves with them by
mail and playing white with the first grandmaster and black
with the second, or vice versa. The attacker forwards the
moves of a grandmaster to the other. The two grandmasters
are deceived into playing together even if they both believe to
play against the attacker, who, at the end, wins a game. The
relay attack architecture specifically presented in Fig. 1, with
two malicious entities (i.e., proxy and mole) interacting in the
middle of two honest parties, was first introduced in [7] and it
is also known as “mafia fraud”.
Different real relay attacks against smart cards have been
presented in the literature, highlighting how the threat for
such devices has been brought to a practical level. A relay
attack against contact smart cards is described in [8], but
many more are the experiments presented against contact-
less cards, which are unfortunately particularly suitable for
this kind of attacks. The attacks differ for the equipment used
for the proxy and mole roles and for the communication chan-
nel established between them.
First studies for the implementation feasibility of relay at-
tacks against a contactless smart card are carried out in [9].
One of the first complete attacks is presented in [10], where
two specific pieces of hardware are designed to implement
both the proxy and the mole, which communicate over a ded-
icated RF channel achieving a relay distance of 50 m. Other
implementations using custom-made proxy and mole are pre-
sented in [11,12]. The introduction on the market of mobile
phones equipped with a NFC interface, and so capable of inter-
acting with contactless cards and readers, has favored a sort
of boom in the implementation of such attacks [13]. The au-
thors of [14–17] propose a hybrid solution, with the mole rep-
resented by a mobile phone whereas a specific programmable
device is used as proxy, with the two devices that communi-
cate together through a Bluetooth connection, getting a re-
lay distance of some meters. A solution based on two mo-
bile phones has been presented in different researches and
this is reasonable considering that the adoption of off-the-
shelf devices frees the developer from the design of custom-
made components. In [16,18,39,41,42] the authors use either
a Bluetooth connection or a Wi-Fi network (WLAN) to con-
nect together the two mobile phones acting as proxy and
mole, reaching a relay distance of a few tens of meters. The
authors of [19] rely on the mobile phone operator Internet
 international journal of critical infrastructure protection 26 (2019) 100302
connection of the two phones to build a communication chan-
nel between them, relaying the communication over kilome-
ters on a geographical scale, finally proving that the attack is
nowadays practical and effective.
In a relay attack scenario the reader directly interacts with
the original card. This allows to circumvent some of the tech-
niques used to secure contactless smart cards. For instance
in case of encrypted communications the secure channel set
up and management is directly handled by the two original
parties, with the attacker that does not have to play any role
in this. It is analogous if challenge-response mechanisms are
adopted to guarantee the card genuineness. Access control
mechanisms can be an effective countermeasure against re-
lay attacks, since if the attacker handling the proxy does not
know the card code to be inserted in the system (e.g. PIN) he
is prevented from carrying out the transaction. Anyhow this
works if access control mechanisms are well designed and im-
plemented, that is not always the case, indeed we discuss how
some possibilities could have been left open to attackers.
In this paper we show that there is the potential for prac-
tical and powerful frauds against contactless cards relying on
relay attacks extended with some logic. The frauds could be
basically realized through an extensive survey and collage of
what has already been proposed in the literature. In particu-
lar we discuss an architecture that enables an attacker to re-
motely attack a contactless card exploiting an infected NFC-
enabled mobile phone in its vicinity. The phone could be for
instance used to extract card data like its PIN, which is then
sent back to the attacker. Afterwards the victim card is re-
motely used by the attacker through a relay attack, with the in-
fected phone used as mole and connected to a NFC-equipped
attacker’s phone employed as proxy. The attacker can use the
recovered data, e.g., the PIN, when needed during the relayed
transaction. In this way the attacker impersonates the card-
holder and can for instance carry out identity thefts and finan-
cial frauds. The attack could be extended to potentially affect
several mobile phones with diverse contactless cards in their
range, making all such cards potentially available to the at-
tacker, like a sort of smart cards botnet or “Internet of Smart
Cards”. We discuss the applicability of such an attack architec-
ture to two popular contactless card applications, electronic
passports and payment cards, which have raised much inter-
est in media and in the academic world in the last decade. The
paper contribution can be summarized as follows:
• the security measures that can be adopted to protect con-
tactless cards are recapitulated;
• a practical architecture for remote attacks against contact-
less cards is discussed, which is substantially an extension
of the long distance relay attack of [19] with an empha-
sis on the role of the mole, here re-defined as smart-mole,
showing that the attack looks feasible on the base of what
has been already published in the literature and highlight-
ing possible scenarios;
• the possible application of the discussed attack archi-
tecture against two popular contactless card applications
like electronic passports and payment cards is discussed,
showing again the possible feasibility on the base of the
available literature;
3
• an attack analysis is given, discussing how the presented
architecture can be methodologically leveraged to defeat
all possible cards security measures;
• in light of the threat posed by the presented contactless
cards attacks a vision on the possible upcoming scenarios
is given.
The paper is organized in the following way. Section 2 is
devoted to the presentation of the communication technol-
ogy used by contactless cards and the mechanisms adopted
to secure their use. In Section 3 we present the architecture to
remotely attack contactless cards and in Section 4 we discuss
its possible application against electronic passports and pay-
ment cards. In Section 5 we give an analysis about the attack
application, discussing how the presented architecture can be
methodologically exploited to attack the different kind of con-
tactless cards in circulation. In Section 6 we analyze the possi-
ble impact of such an attack architecture taking into consider-
ation current trends in contactless cards and mobile phones,
discussing also possible countermeasures, while Section 7 is
for conclusions.
2. Contactless cards technology
Here, we summarize the protocol used for the communication
between contactless cards and readers, as well as the counter-
measures adopted to tackle the security issues that can gen-
erally affect these cards.
2.1. Communication protocol
At the base of the protocol stack for contactless card-reader
communications the ISO/IEC 14443 [1] standard is one of
the most used. It details the physical characteristics of the
card and specifies the features of the RF field, operating at
13.56 MHz, used to power the card along with its modulation
for the card-reader communication. Upon this physical layer
the standard specifies the anticollision procedures to man-
age the possible presence of multiple cards in proximity of
a reader, the format of the frames used in the communica-
tion and the half-duplex protocol used to exchange frames
between card and reader.
Contactless cards have to be put in a range of maximum
10 cm from the reader to be operated, so a physical prox-
imity is required to establish an interaction. Once the card
has been put in the field of the reader, the two devices set
up a communication exchanging first initialization and anti-
collision frames. The communication is then organized in a
master-slave mode: the reader sends a request and the card
replies with a response. This process is iterated throughout
the entire card-reader interaction.
The standard sets some time constraints for the request-
response exchange. Specifically, the response has to be re-
turned to the reader within a maximum time fixed before-
hand. If during the communication the reader does not receive
any response for a sent request within the specified maximum
time, after a recovery attempt, it aborts the communication, as
probably something has disrupted the interaction. This time
4 international journal of critical infrastructure protection 26 (2019) 100302
limit is fixed by the card at the beginning of the communica-
tion through a parameter called Frame Waiting Integer (FWI),
which allows the setting of a maximum response time of at
most ∼ 4.95 s. The FWI is typically used by the card to inform
the reader that a certain amount of time will be needed to re-
turn some responses, which is the case of responses that re-
quire time consuming operations to be elaborated (e.g., cryp-
tographic computations). This mechanism avoids erroneous
abortions of communication, but on the other hand facilitates
relay attacks, as we remark in Section 3.
The card-reader interaction is encoded through Applica-
tion Protocol Data Unit (APDU) messages, which are speci-
fied in the ISO/IEC 7816-4 standard [2]. Such APDUs define
several operations, like read/write data from/to the card chip
and reader/card authentication requests. The APDUs are en-
capsulated into ISO/IEC 14443 request-response frames dur-
ing the communication: specifically the reader sends APDU
commands and the chip replies with APDU responses. APDUs
are byte strings featured by the following format
where CLA are class bytes, INS denotes the command the
chip has to run, P1 and P2 are command parameters, Lc is
the length of the data sent by the reader and contained in
the Data field, Le represents the expected length of Data
in the response, and SW1-SW2 are status bytes returning
information regarding the launched command (e.g., suc-
cessful/unsuccessful operation). The received command is
typically parsed by the card chip, the identified command
executed and the relative response returned.
2.2. Security mechanisms
Contactless cards are usually security-certified products. To
get such a certification the whole development and testing
life cycle of a contactless card has to be carried out according
to the rules of a security certification scheme (e.g., Common
Criteria [4] is one of the most used schemes for smart cards).
As the result of the certification, the hardware and software of
the card should be able to withstand publicly known attacks
in the field, as for instance side channel attacks to extract
secret cryptographic material stored in the card chip.
Taking into consideration the over-the-air nature of the
card-reader communication and the usual private nature
of the data transmitted, like cardholder’s personal data or
bank account details, the messages exchanged by the parties
should be protected against tampering and eavesdropping.
Additionally, having in mind the sensitiveness of these data, it
can be also required to verify whether the reader is authorized
to read them out from the card, as the access could have been
restricted to a subset of entities. This access limitation to the
card data, which are usually potential unique identifiers, also
helps to prevent the possible tracking of people movements
reading out their cards content at different locations. For this
reason the use of any unique identifier should be avoided even
during all the messages exchanged before the access to the
card data, so as to prevent any tracking possibilities. Since a
contactless card is used in the context of a system to provide
an identity and to be granted operations and services, it is also
important to guarantee the authenticity of its content and to
prevent the cloning of the card, as well as to restrict its usage
to the legitimate cardholder only, so as to prevent someone
else to impersonate the cardholder and to enjoy undeserved
rights.
To satisfy the security measures discussed above, all or part
of the following mechanisms are adopted in contactless cards,
according to their application domain:
secure communication channel – the card-reader messages
can be encrypted and the integrity of the communication can
be protected, e.g., applying a message authentication code
(MAC) to the exchanged messages. This allows not only to pre-
vent eavesdropping and tampering, but it is also a first mea-
sure against the card cloning as the card content transmitted
in the messages is inaccessible. In addition the encryption is
usually randomized preventing replay attacks.
reader authentication – the reader, or in general the system
behind it, could be authenticated to verify its rights to ac-
cess the card data and its functionalities. The reader-side sys-
tem could be equipped with a cryptographic public/private
key pair linked to a digital certificate verifiable by the card. A
challenge-response authentication is carried out at the begin-
ning of the interaction: the card retrieves the certificate and
sends towards the reader a random number, returned digi-
tally signed by the system. The signature is finally verified by
the card and, if successful, specific rights are granted to the
reader-side system according to its identity as specified by the
certificate.
card genuineness verification – the card content can be dig-
itally signed by the card issuer, so as to prevent third par-
ties from the preparation of cards then used with the system.
This obviously does not hinder the card cloning, which can be
prevented equipping the card with a public/private key pair
and running a challenge-response authentication towards the
card. Alternatively, the card can be equipped with a symmetric
key shared with the system: the card applies message authen-
tication codes to the exchanged information, which are then
verified by the system. In case of failure the card is rejected.
The effectiveness of these anti-cloning measures depends on
the capability to protect the private/symmetric key stored
in the card from software/hardware attacks, which is typi-
cally assured by the security certification. Note that thanks to
the strict card-reader vicinity required by the communication
standard in conjunction with the anti-cloning measures de-
scribed here, it is necessary that the original card is in physical
proximity of the reader to authorize an operation.
card access control – an access control code can be used to be
sure that the card is operated only in the presence of the legit-
imate cardholder. The code is typically a secret piece of infor-
mation known only by the card owner and stored in the card.
At the time that the card interacts with the reader and the sys-
tem behind it the user is instructed to provide the code, e.g.,
typing it through a keyboard (Fig. 2), or the code is introduced
before the interaction is started, according to the application
specifications. The provided code can be either sent to the card
that compares it with the one stored in its memory (e.g., a
 international journal of critical infrastructure protection 26 (2019) 100302
Fig. 2 – As security mechanism a confidential access code
associated to the card has to be provided to the reading
system that is going to access the card content and its
functionalities.
PIN), or used for instance as parameter to generate a symmet-
ric cryptographic key used in the protocol between card and
reader (i.e., the provided code is used reader-side while the
card relies on the stored one). The insertion of a wrong code
makes the card to abort the transaction. A threshold can be
set on the number of wrong codes that can be presented in a
row, after that the card is blocked or the interaction is delayed
so as to prevent brute-force attacks.
In light of the measures mentioned above contactless cards
are considered smart secure devices used to regulate the exe-
cution of important operations and to store sensitive data that
are selectively disclosed.
3. Remote contactless cards attack
Many modern mobile phones are featured by good com-
putation capabilities and are equipped with a Near Field
Communication (NFC) interface that allows them to interact
with contactless readers and contactless cards [3]. When
interacting with contactless readers the phone is put in card
emulation mode, receiving reader APDU commands and
replying with APDU responses on top of an ISO/IEC 14443
channel. Vice versa, when in front of contactless cards the
phone acts as reader sending commands and waiting for
responses. Such a phone behavior is typically controlled by
installing applications on the device, which turn it into card
emulator or reader according to the desired functionality (e.g.,
installing a ticketing application on the phone, it can be used
to pay public transportation in front of appropriate readers).
The APDU commands parsing and execution as well as the
APDU responses generation are managed at the application
layer. In general software developers can program their own
phone applications, exploiting the NFC interface for their
purposes, simply relying on the software development kit of
the phone [41].
It can happen under many circumstances that a person
keeps his smart cards and his mobile phone close together
(Fig. 3). This is for instance the case of smart cards put in a
wallet, which is in turn kept close to the mobile phone for
instance in a pocket, in a handbag, in a shoulder bag or in a
bum bag. Additionally mobile phone covers featured by some
slots to store cards along with the phone itself are also par-
ticularly widespread nowadays. Also at home or at work the
5
Fig. 3 – The NFC-equipped mobile phone and contactless
cards of a user may be kept close together in different
circumstances.
wallet and the phone may be kept together, for instance one
above the other on a desk. When these scenarios are featured
by NFC-equipped mobile phones and contactless smart cards,
the short distance between a phone and the relative cards
might allow a contactless interaction between them.
When the conditions depicted above are met, there is room
for attacks. Indeed, the architecture presented in Fig. 4 could
be used to run attacks against those people, the victims, who
own and keep together some contactless cards and a NFC-
equipped mobile phone, which can be leveraged as contact-
less attack platform [20]. Specifically the victim’s phone, that
we call smart-mole, has to be infected with a malicious appli-
cation developed by the attacker and has to be connected to
the Internet, which is nowadays common for almost all mo-
bile phones in circulation, usually linked to the data network
offered by the mobile phone operator. The attacker needs a
NFC-equipped mobile phone connected to the Internet, called
proxy, with another specific application developed by the at-
tacker himself installed on it. The mole and proxy applica-
tions establish an Internet connection to interact each other.
The mole application uses the NFC interface of the phone to
act as reader and to interact with the cards in its vicinity. The
proxy application, instead, can put the phone in card emula-
tion mode using its NFC interface to interact with a reader in
its proximity. Such an architecture enables the attacker for the
following malicious operations:
interaction with the victim’s cards – the mole application can
instruct the phone to scan the cards in its vicinity returning
the list of detected cards to the proxy. If not protected, the
cards content can be read out and returned to the attacker
phone. The proxy could be also used by the attacker as “re-
mote terminal”, to remotely send APDU commands via the
proxy-mole link towards the victim cards, receiving the rela-
tive responses. In case a secure communication is adopted for
the card-reader communication, the mole could be leveraged
to run pre-play attacks, making the card to generate messages
afterwards presented by the attacker to reader. The mole can
be also leveraged to run denial of service attacks, for instance
launching commands that can block the card (e.g., series of
wrong PIN in a row).
attacks the victim’s cards access control mechanism – if some
access control measures are adopted to protect the content of
a card or its functionalities, which can be based on a secret
code used as PIN or as shared secret between card and reader
as explained in the previous section, the mole with its com-
putation capabilities and its NFC interface could be exploited
to run an attack against the card, for instance to recover such
6 international journal of critical infrastructure protection 26 (2019) 100302

Fig. 4 – Attack architecture: the victim card is reached by the attacker through his NFC-equipped mobile phone connected to
a NFC-equipped mobile phone in proximity of the card. The phone close to the victim card can be instructed to run local
attacks, e.g., to extract and return the card access code, and the entire architecture can serve for relay attacks.

a secret code. The retrieved code could be used to access the
card content and functionalities or could be sent back to the
attacker for later uses. Note that it may be possible to run this
kind of attacks in chunks instead of all at once. For instance
a brute-force attack could be carried on only when the victim
card is in the phone proximity and paused otherwise.
remote usage of the victim’s cards – the entire architecture can
be used to run relay attacks against a victim’s card. The at-
tacker put its proxy in front of a reader pretending to be the
victim. The reader APDU commands received by the proxy ap-
plication are forwarded to the card through the proxy-mole
link and vice versa for the card APDU responses. In case an
access control code is needed to use the card, the attacker
could have got it in advance attacking the card with the mole.
Note also that depending on the context, the relay architec-
ture could be also exploited to run man-in-the-middle (MITM)
attacks between card and reader.
The exploitation of such an architecture to run relay at-
tacks on a geographical scale has already been shown in [19].
In the presented experiments it is highlighted that the mole
manages a local ISO/IEC 14443 communication with the card,
while the proxy manages another independent ISO/IEC 14443
communication with the reader. The APDU bytes repre-
senting a reader command are extracted from the relative
ISO/IEC 14443 frame and forwarded by the proxy application
towards the mole application, which in turn sends them to the
card through its ISO/IEC 14443 established communication.
The APDU responses are managed in reverse order. The only
possible issue for the relayed communication is represented
by the delay introduced for the APDUs forwarding along the
network. Anyhow it has been shown that the round trip time
at the proxy level to forward a command and to receive a re-
sponse is in the order of ∼ 0.5 s, by far below the maximum
delay allowed by the standard to return a response ( ∼ 4.95 s). It
has to be noted that for cards compliant with other specifica-
tions or standards the attack may not be applicable in practice
(e.g., if only delays shorter than 0.5 s are allowed).
It has been also noted that mobile phone network opera-
tors can assign to their phones IP addresses that do not al-
low to accept incoming connections at the device level. This
means for instance that the proxy could not be instructed to
listen on a port waiting for incoming connections from in-
fected moles. Similarly it could be hard for the phones to ac-
cept incoming connections when they are connected to the In-
ternet through a Wi-Fi network. In addition it can also happen
that the phones are interfaced to the Internet via dynamic IPs,
making the connection to a specific device harder. All these
problems are circumvented opening connections from the
mole and from the proxy towards a dedicated server placed
between them and instructed to forward their communica-
tion [19]. Some experiments results are presented exploiting
such an architecture, achieving an APDUs relay distance that
is over 40 km with the phones accessing the Internet through
the data network of their mobile phone network operators,
and over 500 km with the two phones relying on Wi-Fi connec-
tions to access the Internet. This highlights that such attacks
can be run on a geographical scale.
Differently from traditional relay attacks we call the device
in proximity of the victim’s cards smart-mole instead of sim-
ply mole. This is motivated by the idea that in our architec-
ture such a device is not only a mere APDUs forwarder, but
it is also featured by some capabilities to interact with the
surrounding cards. For instance it could be instructed to scan
the cards in its range distinguishing their roles (e.g., ID cards,
payment cards) and returning an educated list to the attacker.
The smart-mole could understand if the card content access is
protected or not, directly reading it out and returning it to the
attacker in the latter case. Note that it would not be manda-
tory to send such a content to the proxy, it could be also sent to
the attacker via other means, like emails. Additionally, and in-
 international journal of critical infrastructure protection 26 (2019) 100302
terestingly, the smart-mole could be used to run local attacks
towards a card in its range, as for instance to unlock some
access control mechanisms. We will discuss some examples
in the next section.
Note that such an architecture is potentially capable of de-
feating all security measures that are nowadays in use for con-
tactless cards. Indeed, during a relay attacks all the crypto-
graphic operations to protect the communication channel and
to authenticate the two parties are directly run by the original
devices. Such an attack also nullifies the mandatory require-
ment of the card physical presence in front of the reader. Addi-
tionally, as already remarked, in case of access control mech-
anisms the smart-mole could be leveraged to attempt some
attacks.
The application of such an architecture requires the in-
stallation of a malicious application on the victim’s phone.
This could be stealthily achieved through social engineering
techniques, for instance inducing the victim to click on web
links in emails or social networks, or hiding the malware in
other applications or games distributed through phone soft-
ware repositories [21]. Note that the inclusion of a malware
in another application could make the application itself to
request extra credentials (e.g., access to the NFC functional-
ity), which depending on the phone operating system could be
listed at installation time. This should ring a bell in the user
head, but in practice the great majority of users do not pay any
attentions to the credentials asked by the applications, quickly
accepting any proposed condition.
4. Attack application examples
Here, we discuss the possible application of the presented at-
tack architecture against two popular contactless card appli-
cations, electronic passports and payment cards.
4.1. ePassports case
Nowadays several countries issue electronic passports (ePass-
ports) to their citizens, an electronic version of the traditional
passport used for people identification [22]. A contactless chip
storing personal data of the document holder is embedded in
the ePassport cover. A mechanism to protect the access to the
chip and the communication with it has been introduced, the
Basic Access Control (BAC). The BAC is a mutual authentica-
tion protocol between chip and reader. Each ePassport is fea-
tured by a private string called Machine Readable Zone (MRZ),
that has to be known by the reader to successfully run the BAC
with the document chip and establish a communication with
it. The BAC prevents unauthorized readings of the ePassport
chip content and sets up a secure communication.
The MRZ is printed in an internal data page of the ePass-
port booklet. The idea is that only the ePassport holder can
authorize the access to the chip of his document, for instance
explicitly showing such a page to an officer or providing the
MRZ by himself: the string can be optically scanned or man-
ually typed to be passed to the reader. The MRZ encodes sev-
eral information, among which the passport number, the doc-
ument holder’s date of birth and the document expiration date
that are relevant in the BAC. These three pieces of information
7
are used by the reader as seed to derive a couple of symmetric
keys KENC and KMAC , respectively used to encrypt BAC mes-
sages and generate MACs on them. The same keys are already
stored chip-side or are generated starting from the MRZ infor-
mation presents in its memory.
The BAC allows to mutually authenticate the reader and
the ePassport chip in the following way
Reader ePassport
PC = chal l enge
PC
←−−−−
RC = chal l enge
CR = ENC(RC, PC )
MR = MAC(CR )
CR , MR
−−−−→
Check MR
DEC(CR ), extract PC
Check if PC is correct
CP = ENC(PC, RC )
MP = MAC(CP )
CP , MP
←−−−−
Check MP
DEC(CP ), extract RC
Check if RC is correct
if a check fails, for instance the wrong MAC or challenge is
returned, the communication is aborted preventing the access
to the chip.
The natural usage of ePassport is for automated border
control at airports, where gates equipped with a contactless
reader and a scanner for reading the MRZ are able to extract
ePassport data for users identification. Usually a camera in-
stalled at the gate takes a photograph of the face of the person
who is passing through to compare it with an image stored in
the document chip. Since ePassports are protected against the
cloning through challenge-response protocols [22,23], there
are also proposals to use them as strong authentication token
for online services [24], in a manner similar to that of some
national electronic ID cards [54].
The proposed attack architecture could be used to attack
the BAC of an ePassport to read out part of its content and to
run a relay attack. In particular the smart-mole could apply
one of the following techniques when it is in proximity of the
victim’s ePassport:
educated brute-force attacks – it has been shown that the
MRZ of ePassports issued by different countries is featured by
low entropy [25–29]. Basically it means that given a country,
there is a reduced set of values representing all the MRZs
in circulation, for instance encodable on 40–50 bits. The
smart-mole could interact with the ePassport to discover first
its nationality, achieved for instance analyzing the chip APDU
responses to some specific APDU commands [30], and then to
run a brute-force attack against the BAC trying the different
MRZs. Even worse, different chip versions could be adopted
for the ePassports issued in a specific country over time. It
has been shown that the different versions of the chip reply
with different APDU responses to certain commands and
this can be used reader-side to infer the version of a target
chip. The set of chips of a specific version can be featured by
a limited set of passport number and document expiration
date values, resulting in a MRZ space for the entire set that is
representable with even less than 40 bits [29]. That being said
8 international journal of critical infrastructure protection 26 (2019) 100302
the smart-mole could first detect the chip version and then
run an educated brute-force BAC attack against it.
context-aware attacks – the MRZ information used in the BAC
protocol is represented by data that may be stored in the vic-
tim’s phone memory. For instance it is common nowadays to
store on mobile phones personal documents, boarding passes
or hotel reservations. The smart-mole application could be
programmed to extract documents or other data from the vic-
tim’s phone, sending them back to the attacker. All or part of
the MRZ information used for the BAC, passport number, doc-
ument holder’s date of birth and document expiration date
could be found by the attacker in the received material. If only
a portion of the needed information is found, this can be sent
to the smart-mole that will use it to run a brute-force attack
on the remaining part of the MRZ. The retrieved information
can be of course combined with the techniques described in
the previous point (e.g., chip versioning) to further reduce the
brute-force research space. The smart-mole could also extract
part of the needed information from other cards in its vicinity,
as for instance a loyalty card storing the victim’s date of birth
in a non-protected manner.
side channel attacks – it has been shown the possibility to
attack some specific implementations of the BAC through the
analysis of side channels [31]. In particular analyzing the re-
sponse times of a target chip triggered with a set of specific
commands it is possible to assemble a (message, MAC) pair
where the MAC is a valid authentication code for the chip, as
if the right KMAC has been used to generate it. It is leveraged
the fact that the chip behavior during MAC checks depends on
the number of correct bytes of the authentication code, so for
a given message the relative MAC can be reconstructed query-
ing the chip with several (message, MAC) pairs varying the MAC
bytes value and analyzing the response times. Leveraging the
low MRZ entropy the obtained pair can be sent to a cracking
machine that recovers and returns the relative MRZ [27], or
having chosen the message beforehand a look up table with a
list of MACs generated on it with all possible MRZs can be pre-
pared [31]. The attack has been shown using a desktop com-
puter connected to a contactless reader, but if the attack is
ported on mobile phone platforms it could be used by a smart-
mole.
Once the smart-mole has broken the BAC of the victim’s
ePassport, the holder personal details and a photograph of his
face are retrieved. Such data could be used by the attacker for
scams providing the victim identity. When the BAC is broken
the MRZ information is known by the attacker that can di-
rectly use the original ePassport through relay attacks, circum-
venting the anti-cloning measures. At automatic gates the
attacked ePassport could be used for fraudulent identity dec-
larations, even if the attacker could be spotted by officer while
using his phone or the face comparison phase should raise
some problems. However, if a victim with a face that resembles
that of the attacker is found, the cheat may take place consid-
ering that the face comparison systems commit errors [32]. A
relay attack could be particularly effective in case ePassports
are used as authentication token for online services, allowing
the attacker to enjoy the victim’s rights on the web.
In the last few years a new protocol called PACE [22] has
been proposed as access control mechanism to protect ePass-
ports. It is based on a different cryptographic protocol, but it
still relies on shared private information between reader and
chip, which can be, among others, again the MRZ. Similarly
to BAC, PACE could be potentially broken through a context-
aware attack.
Another electronic document that could be affected by the
presented attack architecture is the electronic Driving Licence
(eDL). Similarly to ePassports a chip can be embedded in the
document. Whether a contactless chip is adopted (also con-
tact chips are possible) the access to its data is protected by
the Basic Access Protection (BAP) [33]. The BAP can be con-
figured to act exactly as the BAC, relying again on a machine
readable string shared by the two interacting parties, and this
is exactly the approach adopted for the European eDL [34]. In
principle the attack methodology presented above can be also
applied against such devices. In such a case, if for instance
eDLs are used to prevent young or inexperienced people from
using high-powered cars electronically restricting the ignition,
this limitation could be circumvented through relay attacks.
4.2. EMV payment cards case
Payment cards are largely widespread. When a bank account
is subscribed, a debit and/or a credit card are usually contex-
tually issued to the user. For years and still now most of the
payment cards in circulation are featured by a magnetic stripe
(mag-stripe) placed on their back side: swiping the card in a
Point of Sale reader (POS) the bank information stored in the
magnetic stripe is read out and the purchase is charged on
the cardholder’s account. In the course of time in many coun-
tries smart cards have been introduced to be used as payment
cards, with the bank information stored in the secure chip and
accessed through a dedicated POS reader. Smart cards used for
payments are historically contact cards, but in the last decade
contactless cards have also been introduced. Note that it is
possible to have on a single payment card both the contact
and the contactless interface along with the mag-stripe, so of-
fering different way to run a payment transaction.
Each payment card is usually associated with a unique ac-
cess control code, the Personal Identification Number (PIN),
known only by the legitimate cardholder. At the time of a
payment transaction the user can be asked to type the PIN
through a POS keypad to authorize the transaction. The in-
serted PIN can be checked either sending it to the card through
an APDU command, or forwarding it to the card issuer net-
work, with the POS waiting for the response. Usually if a wrong
PIN is provided a few times in a row (e.g., 3 times), the card is
blocked. Contactless payment cards are generally designed to
skip the PIN request for small amount transactions (e.g., be-
low 30 Euros), even if the PIN could be requested in case the
accumulated amount of PIN-less transactions exceeds a cer-
tain threshold.
EMV is a well known and widespread global standard for
smart card-based payment cards, both contact and contact-
less [35]. The data stored in the chip of EMV contactless cards
comprise a digital version of the information printed on the
card surface, like card number, cardholder name and expiry
date [38]. The contactless cards that adhere to the EMV spec-
ifications can offer different modes of operation to proceed
with a payment transaction when in front of a POS [36], among
which two main classes can be identified, mag-stripe mode
 international journal of critical infrastructure protection 26 (2019) 100302
and full EMV mode. During a payment transaction in mag-
stripe mode the card returns data similar to those stored in
magnetic stripes appending a dynamically generated cryp-
togram. Such a mode allows the use of the existing magnetic
stripe infrastructures that are interfaced with the POS in circu-
lation. In mag-stripe mode each card relies on a unique secret
key KCARD , known only by the card itself and its issuer, and on
a transaction counter (ATC). The scheme adopted to authorize
a payment transaction is the following
Reader EMV payment card
MagSt ripeDat a
←−−−−−−−−−−−−
UN = random
UN
−−−−−−−−−−−−→
ATC = ATC + 1
Cryptogram =
f (CardData, UN,
ATC, KCARD )
Cryptogram, ATC
←−−−−−−−−−−−−
Cryptogram, ATC
checked by card issuer
with UN, Cryptogram and ATC sent to the card issuer network
by the POS. The card issuer checks the received cryptogram
with the secret key and verifies that the ATC is monotoni-
cally increasing. The ATC prevents replay attacks, while the
so called unpredictable number (UN) should avoid that cryp-
tograms are generated in advance with the real card for later
uses. In full EMV mode a payment protocol similar to the one
used for EMV contact payment cards is used. Such a protocol
is a bit more complex than the one of mag-stripe mode and
each card is equipped with a public/private key pair to digi-
tally sign the transaction data and to authorize the payment
operation.
The possible security issues of contactless payment cards
have raised the interest of the academic sector since their in-
troduction [37]. We show how the results of several researches
could be exploited in the proposed attack architecture to at-
tempt to commit frauds. In particular an attacker could apply
the following techniques:
card data extraction – data like card number, cardholder
name and expiry date stored in EMV credit card chips can
be freely accessible without any protection [38]. Such data
could be read by the smart-mole sending them back to the
attacker. The retrieved data could be for instance used for
fraudulent online payment transactions. Indeed on some web-
sites (e.g., Amazon) the 3 digits Card Verification Value (CVV)
printed on the card back side is not required, making the
retrieved information sufficient to carry out payments [45].
On top of this it has to be noted that the missing card data
like the CVV may be also recovered with online guessing
attacks [46].
pre-play attacks – it has been found out that the range of
possible values for the UN in the mag-stripe mode protocol
of some EMV credit cards is quite small (e.g., 3 digits), leaving
open the possibility of pre-play attacks [43]. In such a case the
smart-mole could interrogate the victim card with all possible
UN values collecting the cryptograms and ATCs received as
responses. The collected data can be stored by the attacker in
its proxy, or in another contactless card, that is then waived in
front of a POS for a payment: when the UN sent by the reader is
9
received by the device, the corresponding cryptogram and ATC
are retrieved from the memory and are returned to the POS.
Note that if the legitimate cardholder uses the card between
the collection phase and the attacker payment operation the
collected data are useless, as they are featured by ATCs that
are previous the last one used by the original card. Anyhow
the data collection takes about only one minute [43], so the at-
tacker could ask the smart-mole to run a fresh collection just
before his payment operation receiving the ready-to-use data
on his proxy. Even worse some obsolete cards exchange only
static data during the payment transaction [44]. If the smart-
mole detects the presence of such a card it can emulate and
record a payment transaction with the card. The collected data
would be used by the attacker to emulate the original card in
front of a reader.
relay attacks – the original victim card can be directly used
by the attacker exploiting the relay attack capability of the
presented architecture. Note that differently from pre-play at-
tacks the relay attack is not hindered by the ATC mechanism
and it works well even in case of transactions in full EMV
mode [42], which is usually adopted when available both for
the reader and for the card. Nonetheless during a relay attack a
card and a reader that are able to run a full EMV mode transac-
tion could be forced to fall down in mag-stripe mode. Indeed at
the beginning of the transaction the card returns the list of its
available modes of operation. The proxy-mole infrastructure
can play a MITM attack eliminating the full EMV mode pos-
sibility from the returned list [43], so forcing the mag-stripe
mode. The mag-stripe mode could be preferable as it entails
less operations and less exchanged data when compared to
the full EMV mode [36], resulting in a shorter transaction. This
limits the likelihood of attack failures due to sudden disrup-
tions of the mole-card interaction or of the phones Internet
connectivity.
PIN attacks – some EMV contactless cards make available an
APDU command to verify the card PIN [39], which replies pos-
itively if the command is provided with the correct PIN. The
smart-mole could leverage such a command to run an attack
to get the card PIN, which would be useful in other attacks
when the PIN-less conditions are no more met and the PIN
has to be inserted (e.g., relay attacks for purchases over 30 Eu-
ros). The smart-mole could adopt a brute-force approach pay-
ing attention to the number of PIN attempts left before the
card is blocked: for each possible PIN value the smart-mole
first checks through a command if at least two PIN attempts
are left and then tests the value through the verify PIN com-
mand [40]. The check avoids the card blocking that could raise
suspicions in the cardholder. Note that when the card is used
by the cardholder with the correct PIN the attempts counter is
reset, so re-opening new possibilities for the attacker. Accord-
ing to some studies several cardholders set the PIN for their
payment card deriving it from their date of birth or other im-
portant dates in their lives [47]. As for context-aware attacks
against ePassports, the data and documents stored in the vic-
tim’s phone could be inspected to retrieve relevant informa-
tion that can be used to perform an educated PIN guessing.
To prevent problems due to a forgotten PIN, some users also
tend to store their PIN as number in the phone address book,
which is another source of information potentially available to
the smart-mole application. In addition if a cardholder adopts
10 international journal of critical infrastructure protection 26 (2019) 100302
Table 1 – Mapping of the actions offered by the attack ar-
chitecture to be undertaken by an attacker to fraudulently
use a contactless card according to the measures adopted
to secure it (the brackets indicate that the action depend
on the specific card design).
the same PIN for different cards, which is probably not an
uncommon scenario, the smart-mole could run the verify PIN
attack against all the cards in its range, maximizing the num-
ber of available attempts. Obviously such an attack may also
require quite a long time.
The discussed attacks may allow to carry out payment
transactions at the victim expense. For small amount trans-
actions the task is made easy by the PIN-less nature of the
operation, but when the PIN is required some attacks can be
run to get it beforehand. On the contrary, there are not amount
limits, apart from the card plafond, for online payment trans-
actions carried out with data recovered from the memory of
contactless cards.
5. Attack application analysis
Having summarized the possible security measures for con-
tactless cards in Section 2.2 and having in mind the possible
operations with the architecture presented in Section 3, now
we logically analyze the necessary actions to be undertaken
by a fraudster who intends to attack a specif type of card. The
attacker methodology is recapitulated in Table 1. Given the ca-
pability of the attacker to install the malware in the victim’s
phone, when no security measures are adopted the card con-
tent can be easily read out and used at own discretion. This
is for instance the case of some payment cards that offer free
access to their data.
In case a secure channel is established between the card
and the reader, or even with the system behind it, the at-
tacker strategy depends on the specific security measures
adopted and on the available vulnerabilities. For instance the
card could be simply remotely interrogated to run pre-play at-
tacks, which is for instance possible for some credit cards in
order to circumvent their cryptogram mechanism. Such a se-
curity mechanisms can be also eluded by the attacker relaying
the communication between card and reader. For ePassports,
where the communication can be relayed but it is necessary to
break the BAC first, the relay attack has to be associated with
an attack to break the card access control.
If the card is constrained to interact only with authorized
readers, the only option for the attacker is to remotely use the
card through a relay attack. Anyhow, if the card is also featured
by an access control measure and the system prompt the user
to insert a code before any card-reader interaction, an access
control attack has to be carried out beforehand. An example is
given by ePassports, which require the MRZ to start the card-
reader interaction and to access a first set of data, but then
the reader authenticate itself to access other card data like
fingerprints [23].
When the card has to authenticate itself towards the reader
to prove its genuineness, the check can be circumvented by
the attacker with a relay attack, with the authentication di-
rectly run by card and reader. In case the only measure to pro-
tect the card is an access control mechanism, it is sufficient to
break it in order to access the card content and functionalities.
Note that in general when more than one of the four se-
curity measures listed in Table 1 are adopted, the attacker ac-
tions ticked in the different rows have to be summed. For in-
stance if card and reader are only both authenticated a relay
attack is sufficient, on the other hand if the genuineness of
a card is verified and also an access control code is adopted,
both the access control attack and the relay attack have to be
undertaken.
Along with the methodological identification of the actions
required an attack, we also classify hereunder the downsides
and upsides offered by the application of the remote attack
architecture discussed in this paper.
Attacker costs:
Attack implementation Off-the-shelf devices with software
developed with standard development
kits
Attack dissemination Malware hidden in other apps or spread
through social engineering
Vulnerabilities analysis Different cards weaknesses already
published
Attacker benefits:
Number of victims Potentially all users having a
NFC-equipped mobile phone and a
contactless card
Remote interactions Only remote activities victim-side, only
the proxy is presented in some
circumstances
Stealth activities Attack run silently in the victim’s pocket,
in some circumstances the proxy is
presented instead of a card in front of an
operator
The implementation costs are quite low, as it is possible
to rely on commercial standard phones without the design
of custom devices. The needed malware is developed through
standard development kits, relying on comfortable and effec-
tive means to largely spread it. In some situations it is neces-
sary to exploit vulnerabilities in the card security mechanisms
or their implementations, but as surveyed in this paper some
are already available and probably others will be published. If
a specific vulnerability for a target card has to be found out,
this would raise the attack cost.
In view of a limited effort the attacker can potentially reach
a huge number of victims, without physically meeting them
and operating silently with their phone, so acting comfort-
ably and going basically undetected. The only physical action
 international journal of critical infrastructure protection 26 (2019) 100302
Table 2 – Worldwide shipments of smart secure devices and NFC phones in the past years and future forecasts [48,50].
Almost all smart secure devices are represented by chips used in smart cards.
Shipments (millions) 2009 2010 2011
Smart secure devices 4520 5520 6295
of which contactless 265 370 480
(% of contactless) 5.9% 6.7% 7.6%
NFC-equipped phones - - - -
Note: for years 201Xf the figures are forecasts.
is represented by the proxy put in the reader proximity. The
presence of a phone instead of a card may raise suspicions if in
presence of an operator (e.g., at a POS), but the legitimate form
factor of a phone make it acceptable in such contexts [20], in
particular considering that nowadays many card functional-
ities are also offered through phone applications. Differently
the possible presence of cameras pointing at the reader should
be well evaluated by the attacker, as the recordings combined
with the system logs could bring to the identification of the at-
tacker. If the card is not remotely used relaying its messages
but its content is simply read out and used for other malicious
activities, so there is not any physical interaction, the attacker
has anyhow to pay attention to avoid any tracking possibility.
For instance if a credit card number is used for online trans-
actions, the purchased good should not be directly shipped to
the attacker address [53].
6. Possible future perspective
As shown in Table 2 there has been an increase of the num-
ber of contactless cards and NFC-equipped mobile phones in
circulation. The trend suggests that the percentage of smart
cards featured by a chip with a contactless interface is grow-
ing, highlighting that more and more card applications are
moving towards this technology. This huge set of devices,
which is considered secure and thus suitable to store sensi-
tive data and to manage people’s rights, is the potential tar-
get of the presented attack architecture. Along with this, the
likelihood to see real implementations of attacks based on
such an architecture is getting higher given the parallel signif-
icant increase of NFC-equipped phones in circulation, which
are all potential smart-moles. Such phones are heavily pene-
trating the market with shipments that have roughly doubled
in the last year and with a 2.2 billions forecast for the year
2020 [50]. NFC-equipped phones are basically becoming a de
facto standard in the mobile phones sector, with roughly 350
NFC-equipped mobile phones already available on the mar-
ket [49].
The large availability of potential victim devices may make
the attack appeal and effectiveness higher. Indeed an attacker
could scale the application of the attack architecture infect-
ing several phones, which in turn may make a potential large
set of cards available to him (Fig. 5). In this way the attacker
may have at his disposal a sort of “Internet of Smart Cards”,
that is a large botnet of smart cards connected to its proxy
and controlled or used as needed. The great disposal of a
11
2012 2013 2014 2015f 2016f
6970 7140 8220 9200 9805
660 1020 1360 1645 1850
9.5% 14.3% 16.5% 17.9% 18.9%
- 444 756 -
large set of infected mobile phones turned into smart-moles
also mitigates the problems dictated by those circumstances
where the victim does not have any contactless card, or in
case a card needed at a certain moment is not currently in the
smart-mole range: the attacker could simply rely on other in-
fected phones with cards available in their range. In addition a
potential large variety of services could be enjoyed by the at-
tacker according to the different typologies of available cards
(e.g., payment cards, ID cards, electronic tickets, badges to ac-
cess restricted areas). Obviously the potential interest in at-
tacking some of these specific card application could be dis-
puted, but we remark that the presented architecture for at-
tacks can be potentially applied against any new contactless
card application introduced in the field, which could represent
more interesting opportunities for an attacker, and that it can
basically operate on a worldwide scale, so the number of vic-
tims can be anyhow quite high.
The possible attack architecture application is made quite
easy by a combination of factors. No custom-made devices
have to be developed, but only off-the-shelf equipment has to
be employed. In general the development of smart-mole and
proxy applications can be simply done relying on the stan-
dard development kits and libraries available for commercial
phones [41]. For the installation of the smart-mole applica-
tion it is possible to rely on several ways already adopted to-
day to infect phones. For instance social engineering tech-
niques or malware hidden in other applications proposed via
phone software repositories could be adopted to operate on a
global scale, whereas vulnerabilities through the phone Blue-
tooth interface could be for instance exploited for targeted in-
fections [51]. Upon this the time taken by relay attacks con-
ducted with the attacker’s proxy should not raise particular
suspicions. If for instance the relay timings of [19], concern-
ing two phones connected to the Internet through the mobile
phone operator data network, are combined with the APDUs
sequence of an EMV mag-stripe transaction [43], a payment
operation would last in the order of 3–4 s, a time that would
not alert a merchant at his POS. Additionally throughout the
entire malicious activity the attacker operates in quite relaxed
conditions, as he acts stealthily and undetected in the victim’s
pocket or bag. This easiness vs potential payoff could moti-
vate fraudsters to start the development of attacks based on
the concepts presented in this paper, and this would not be
the first time that attackers take inspiration from scientific re-
searches [52].
The figures presented in Table 2 suggest that many smart
card-based applications may embrace the contactless tech-
12 international journal of critical infrastructure protection 26 (2019) 100302

Fig. 5 – Controlling the NFC-equipped mobile phone of several victims the attacker can potentially have at his disposal a
large number of contactless cards, like a sort of “Internet of Smart Cards”.

nology. For instance in the government sector, following the
example of ePassports, some countries have already adopted
electronic identity cards (eID) featured by a contactless
chip [54–56], with some of them explicitly designed to be used
as authentication tokens with an associated PIN for online
services. Following the model already in place for some
contact bank cards [57], we can imagine that also contactless
bank cards could be used in the future as authentication
tokens for online banking operations, relying for instance on
the contactless readers already embedded in many laptops in
circulations. It has to be noted that all smart card applications
migrated to the contactless technology become the poten-
tial target of attacks. On the other hand, it is also possible
to imagine that different contactless card services may be
migrated on the growing number of NFC-equipped mobile
phones of the users, in the form of phone applications. This
would impair the attack scenario described in this paper but
the attackers would start devising new cheats, as for instance
relay attacks against phone applications [58]. However we
think that a complete migration from contactless cards
towards the NFC system it is unlikely. Indeed all users would
be forced to have a NFC-equipped phone, which is probably
an unfair and unpopular requirement, and all of them should
be used to modern smart phones, which is not always the
case. On the contrary operations with cards are well settled
in people’s mind and it is probable that entities issuing con-
tactless cards will offer analogous phone applications just as
alternatives.
To defeat any attack each user could wrap up his contact-
less cards with a piece of aluminium foil. This would pre-
vent the reader-card inductive coupling blocking any contact-
less interaction. Although it is a simple action, this modus
operandi is not part of the common people culture and in ad-
dition this would nullify the “wave and go” concept behind
 international journal of critical infrastructure protection 26 (2019) 100302
contactless cards, forcing the cardholder to extract and un-
wrap the card before each usage. So it is duty of engineers, reg-
ulators and researchers to put in circulations contactless cards
able to withstand attacks like the ones discussed in this paper.
For instance part of the MRZ content of ePassports depends
on local administrations decisions. It would be advisable to
adopt MRZs featured by high entropy. Similarly user-chosen
PINs should be avoided, simply forcing random PIN values at
the issuing stage. Note that, even in these cases, the smart-
mole could still be used to extract useful data from the victim’s
phone memory to run smart attacks, like boarding passes re-
porting the MRZ or a note file containing a PIN.
To prevent, even educated, brute-force attacks the card re-
sponses could be delayed when a series of unsuccessful ac-
cess control attempts have been carried out. Such a measure
has been for instance adopted in some BAC implementations
of ePassports [29]. Also the card blocking after a certain num-
ber of consecutive erroneous PINs represents a good deterrent,
but it can be also used by an attacker to run denial of service
attacks remotely blocking the cards under his control [39].
It would be strongly advisable to protect contactless cards
against relay attacks. This could be for instance achieved run-
ning a challenge-response session with a precise time mea-
surement of the transmitted commands and responses, as al-
ready done in some commercial products [59], so as to detect
any possible delay introduced by an attacker in the middle of
the communication. Another alternative is represented by dis-
tance bounding protocols, which are able to infer an upper
bound for the distance between reader and contactless card
from the fact that no information can propagate faster than at
the speed of light [60], but further research is needed to bring
them in commercial products [61]. It would be also interesting
to develop techniques to discern if a real contactless card or a
phone in card emulation mode is in front of a reader, maybe
relying on some features of the contactless communication
physical layer [62].
Other more general countermeasures would be an activa-
tion button on the card to be kept pushed by the user during
the card usage, or an onboard fingerprint reader used by the
card to check if the genuine cardholder is physically using the
card [63]. In both cases the card can not be operated when it
is simply kept in the cardholder’s pocket or bag, so preventing
any attacker interaction with it. Along with cards countermea-
sures our mobile phones should be make more secure limiting
their possibility to be infected by malware. This is not needed
only to prevent contactless cards attacks, but more generally
to protect all those user’s data and operations nowadays man-
aged with these devices.
Obviously we do not have to forgot that the attacker “re-
search” will also progress, and new methods to leverage the
presented attack architecture could be found out. First we put
on the attacker research side the investigation of problems
concerning a communication between an NFC phone and a
contactless card that are maybe in a not perfect and aligned
position in a bag or in a pocket, as this could be a limiting fac-
tor for the presented attack architecture. A smart-mole could
be also exploited in the future to extract the authentication
private key used by a card to prove its genuineness, allow-
ing an attacker to produce fully working copies of the card. A
MITM attack between card and reader has been adopted with
13
success to skip the PIN check of contact payment cards alter-
ing some of the messages exchanged with the reader [64]. A
similar technique may be adopted through the discussed ar-
chitecture, which support MITM attacks, in case weaknesses
similar to those of contact payment cards are found out in
contactless payment cards.
In case we will not be able to face these threats, the conse-
quences may have a considerable impact on users. Indeed it
would be quite hard for them to prove their non-involvement
in operations conducted with their cards or with data col-
lected from them. Think of a payment through a relay attack:
in the bank logs the transaction would look like to be carried
out with the genuine card. Even worse if a recovered PIN is
used, as it is supposed to be known only by the legitimate card
owner [65]. As justification for the cardholder his geographi-
cal position at the fraud time could be compared with that of
the payment operation, but in particular the former may not
be available and anyhow the cardholder could be blamed to
have loaned his card. A forensic analysis of the victim’s phone
could be carried out to detect the malware, but only if the de-
vice is suspected, which is not always the case as the attacker
has acted silently with it. If for some reason the phone is ana-
lyzed and the malware discovered the link towards the proxy
could be leveraged to find the attacker, but he could make
the task harder adopting anonymization techniques for the
proxy-mole communication.
7. Conclusion
Nowadays there is a combined growing number of contact-
less smart cards and NFC-equipped mobile phones in circu-
lation. Under different circumstances a user keep its contact-
less cards and phone close together in pockets and bags, at a
distance that may allow them to interact each other. We have
shown that this aspect combined with some contactless cards
weaknesses known in the literature could be leveraged by an
attacker to carry out malicious operations, like identity thefts
or fraudulent payment transactions. This could be accom-
plished using the victim’s cards remotely, reached through the
victim’s phone infected by the attacker and under his control.
There is no evidence whatsoever that such kinds of attack
are already applied in practice, but we would not be surprised
to see them in the future considering their relative easiness,
the possible large scale applicability and the potential payoff.
Such attacks can have serious implications for the victims, as
the malicious operations would mostly go undetected, with
poor possibilities to prove the non-involvement of the legit-
imate cardholders. It is fundamental that engineers, regula-
tors and researchers keep working on the security of contact-
less cards, which are apparently going to be more and more
widespread and are daily used to regulate many sensitive op-
erations of our life.
references
[1] ISO/IEC 14443, “Identification cards – Contactless Integrated
Circuit Cards – Proximity Cards”, 2014.
14 international journal of critical infrastructure protection 26 (2019) 100302
[2] ISO/IEC 7816-4, “Identification Cards – Integrated Circuit
Cards – Part 4: Organization, Security and Commands for
Interchange”, 2013.
[3] ISO/IEC 21481, “Information technology –
Telecommunications and Information Exchange Between
Systems – Near Field Communication Interface and
Protocol-2 NFCIP-2”, 2012.
[4] Common Criteria, https://www.commoncriteriaportal.org/
2016.
[5] A. Juels, “RFID security and privacy: a research survey” IEEE
Journal on Selected Areas in Communications, Vol. 24, No. 2,
pp. 381-394, 2006.
[6] J.H. Conway, “On numbers and games”, London Academic
Press, Vol. 6, 1976.
[7] Y. Desmedt, C. Goutier, S. Bengio, “Special uses and abuses of
the Fiat-Shamir passport protocol”, in proceedings of
Advances in Cryptology - CRYPTO 87, LNCS 293, pp. 21-39,
1987.
[8] S. Drimer, S.J. Murdoch, “Keep your enemies close: distance
bounding against smartcard relay attacks”, in proceedings of
the 16th USENIX Security Symposium, pp. 87-102 2007.
[9] Z. Kfir, A. Wool, “Picking virtual pockets using relay attacks
on contactless smartcard”, in proceedings of the First
International Conference on Security and Privacy for
Emerging Areas in Communications Networks -
SecureComm2005, pp. 47–58, 2005.
[10] G.P. Hancke, “A practical relay attack on ISO 14443 proximity
cards”, Technical Report, University of Cambridge, Computer
Laboratory, UK, pp. 1–13, 2005.
[11] G.P. Hancke, K. Mayes, K. Markantonakis, “Confidence in
smart token proximity: relay attacks revisited”, Computers &
Security, Vol. 28, No. 7, pp. 615-627, 2009.
[12] P. Thevenon, O. Savry, S. Tedjini, “On the weakness of
contactless systems under relay attacks”, in proceedings of
the 19th International Conference on Software,
Telecommunications and Computer Networks -
SoftCOM2011, pp. 1–5, 2011.
[13] R. Anderson, “Position statement in RFID S&P panel: RFID
and the middleman”, in proceedings of the 11th
International Conference on Financial Cryptography,
pp. 46-49, 2007.
[14] W. Issovits, M. Hutter, “Weaknesses of the ISO/IEC 14443
protocol regarding relay attacks”, in proceedings of the
International Conference on RFID-Technologies and
Applications - RFID-TA2011, pp. 335–342, 2011.
[15] R. Silberschneider, T. Korak, M. Hutter, “Access without
permission: a practical RFID relay attack”, in proceedings of
the 21st Austrian Workshop on Microelectronics -
Austrochip, Vol. 10, pp. 59-64, 2013.
[16] T. Korak, M. Hutter, “On the power of active relay attacks
using custom-made proxies”, in proceedings of the 2014 IEEE
International Conference on RFID, pp. 126-133, 2014.
[17] M. WeiB: “Performing relay attacks on ISO 14443 contactless
smart cards using NFC mobile equipment”, Master Thesis,
Der Technischen Universitat Munchen, Germany, pp. 1-89
2010.
[18] L. Francis, G. Hancke, K. Mayes, K. Markantonakis, “Practical
relay attack on contactless transactions by using NFC mobile
phones”, in proceedings of Radio Frequency Identification
System Security - RFIDsec2012 Asia, pp. 21–32, 2012.
[19] L. Sportiello, A. Ciardulli, “Long distance relay attack”, in
proceedings of Radio Frequency Identification-Security and
Privacy Issues - RFIDsec2013, LNCS 8262, pp. 69–85,
2013.
[20] L. Francis, G. Hancke, K. Mayes, K. Markantonakis, “Potential
misuse of NFC enabled mobile phones with embedded
security elements as contactless attack platforms”, in
proceedings of International Conference for Internet
Technology and Secured Transactions - ICITST 2009, pp. 1–8,
2009.
[21] “Google yanks 21 malicious apps from android market”,
http://www.pcworld.com/article/221137/Google_Yanks_21_
Malicious_Apps_From_Android_Market_Phones.html 2011.
[22] International Civil Aviation Organization ICAO, “Machine
Readable Travel Documents”, Seventh Edition, 2015.
[23] BSI, “Advanced Security Mechanisms for Machine Readable
Travel Documents and eIDAS Token – Part 1”, Ver. 2.20, 2015.
[24] D.J. van Dijk, M. Oostdijk, “Using the ePassport for online
authentication”, Technical Report TI/RS/2009/002,
Telematica Instituut, pp. 1-22 2008.
[25] A. Juels, D. Molnar, D. Wagner, “Security and privacy issues in
e-Passports”, in proceedings of the IEEE 1st International
Conference on Security and Privacy for Emerging Areas in
Communications Networks - SecureComm2005, pp. 74–88,
2005.
[26] J.H. Hoepman, E. Hubbers, B. Jacobs, M. Oostdijk, R. Schreur,
“Crossing borders: security and privacy issues of the
European e-Passport”, in proceedings of Advances in
Information and Computer Security, LNCS 4266, pp. 152–167,
2006.
[27] Y. Liu, T. Kasper, K. Lemke-Rust, C. Paar, “E-passport: cracking
basic access control keys”, in proceedings of On the Move to
Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE,
GADA, and IS, LNCS 4804, pp. 1531–1547, 2007.
[28] G. Avoine, K. Kalach, J.J. Quisquater, “ePassport: securing
international contacts with contactless chips”, in
proceedings of the 12th International Conference on
Financial Cryptograpy and Data Security, LNCS 5143,
pp. 141–155, 2008.
[29] L. Sportiello, “Weakening ePassports through bad
implementations”, in proceedings of Radio Frequency
Identification-Security and Privacy Issues - RFIDsec2012,
LNCS 7739, pp. 123–136, 2013.
[30] H. Richter, W. Mostowski, E. Poll, “Fingerprinting passports”,
in NLUUG Spring Conference on Security, pp. 21–30, 2008.
[31] L. Sportiello, “ePassport: side channel in the Basic Access
Control”, in proceedings of Radio Frequency
Identification-Security and Privacy Issues - RFIDsec2014,
LNCS 8651, pp. 173–184, 2014.
[32] A.M. Oostveen, M. Kaufmann, E. Krempel, G. Grasemann,
“Automated border control: a comparative usability study at
two European airports”, in proceedings of the 8th
International Conference on Interfaces and Human
Computer Interaction - IHCI2014, pp. 1-8 2014.
[33] ISO/IEC 18013, “Information Technology – Personal
Identification – ISO-Compliant Driving Licence – Part 3:
Access Control, Authentication and Integrity Validation”,
2009.
[34] Commission Regulation EU No. 383/2012, “laying down
technical requirements with regard to driving licences which
include a storage medium microchip”, 4 May 2012.
[35] EMVCo, https://www.emvco.com/ 2016.
[36] EMVCo, “EMV Contactless Specifications for Payment
Systems”, Books A-D, 2015.
[37] T.S. Heydt-Benjamin, D.V. Bailey, K. Fu, A. Juels, T. Oare,
“Vulnerabilities in first-generation RFID-enabled credit
cards”, in proceedings of Financial Cryptography and Data
Security, LNCS 4886, pp. 2-14, 2007.
[38] M. Emms, A. van Moorsel, “Practical attack on contactless
payment cards”, in HCI2011 Workshop - Heath, Wealth and
Identity Theft, pp. 1-2, 2011.
[39] M. Emms, B. Arief, T. Defty, J. Hannon, F. Hao, A. van Moorsel,
“The dangers of verify PIN on contactless cards”, Technical
Report, Newcastle University, UK, No. CS-TR-1332, pp. 1–10,
2012.
 international journal of critical infrastructure protection 26 (2019) 100302
[40] M. Emms, B. Arief, N. Little, A. van Moorsel, “Risks of offline
verify PIN on contactless cards”, in proceedings of Financial
Cryptography and Data Security, LNCS 7859, pp. 313-321
2013.
[41] J. Vila, R.J. Rodriguez, “Practical experiences on NFC relay
attacks with Android”, in proceedings of Radio Frequency
Identification-Security and Privacy Issues - RFIDsec2015,
LNCS 9440, pp. 87-103, 2015.
[42] T. Chothia, F.D. Garcia, J. de Ruiter, J. van den Breekel, M.
Thompson, “Relay cost bounding for contactless EMV
payments”, in proceedings of Financial Cryptography and
Data Security, LNCS 8975, pp. 189-206, 2015
[43] M. Roland, J. Langer, “Cloning credit cards: a combined
pre-play and downgrade attack on EMV contactless”, in
proceedings of the 7th USENIX Conference on Offensive
Technologies, pp. 1-12 2013.
[44] P. Fillmore, “Crash & pay: how to own and clone contactless
payment devices”, Black Hat USA 2015, https://www.
blackhat.com/docs/us- 15/materials/us- 15- Fillmore- Crash-
Pay-How-To-Own-And-Clone-Contactless-Payment-Devices.
pdf 2015.
[45] A. Barisani, A. Laurie, Z. Franken, D. Bianco, “Chip & PIN is
definitely broken”, DEFCON 19, https://dev.inversepath.com/
download/emv/emv_2011.pdf 2011
[46] M.A. Ali, B. Arief, M. Emms, A. van Moorsel, “Does The Online
Card Payment Landscape Unwittingly Facilitate Fraud?”, in
IEEE Symposium on Security and Privacy, pp. 1-8, 2017.
[47] J. Bonneau, P. Soren, R. Anderson, “A birthday present every
eleven wallets? The security of customer-chosen banking
PINs”, in proceedings of Financial Cryptography and Data
Security, LNCS 7397, pp. 25-40, 2012.
[48] Eurosmart - The voice of the smart security industry,
http://www.eurosmart.com/ 2015.
[49] “NFC phones: the definitive list”, http://www.nfcworld.com/
nfc- phones- list/ 2016.
[50] IHS, “NFC-enabled handset shipments to reach three-
quarters of a billion in 2015”, https://technology.ihs.com/
533599/nfc-enabled-handset-shipments-to-reach-three
- quarters- of- a- billion- in- 2015 2015.
[51] K. Dunham. “Mobile malware attacks and defense”, Syngress
Publishing, 2008.
[52] H. Ferradi, R. Geraud, D. Naccache, A. Tria, “When organized
crime applies academic results: a forensic analysis of an
in-card listening device”, Journal of Cryptographic
Engineering, Vol. 5, pp. 1-11, 2015.
[53] S. Hao, K. Borgolte, N. Nikiforakis, G. Stringhini, M. Egele, M.
Eubanks, B. Krebs, G. Vigna, “Drops for stuff: an analysis of
15
reshipping mule scams”, in proceedings of the 22nd
Conference on Computer and Communications Security -
SIGSAC, pp. 1081-1092, 2015.
[54] BSI, “The electronic ID card”, https://www.bsi.bund.de/EN/
Topics/ElectrIDDocuments/eIDcard/eIDcard_node.html 2016.
[55] J.P. Degabriele, V. Fehr, M. Fischlin, T. Gagliardoni, F. Gunther,
G.A. Marson, A. Mittelbach, K.G. Paterson, “Unpicking PLAID -
A cryptographic analysis of an ISO-standards-track
authentication protocol”, in proceedings of the 1st
International Conference on Research in Security
Standardisation - SSR2014, Vol. 8893, pp. 1-25, 2014.
[56] National Registration Department of Malaysia, Ministry of
Home Affairs, “Introduction To MyKad”, http://www.jpn.gov.
my/en/informasi/pengenalan- kepada- mykad/ 2016.
[57] S. Drimer, S.J. Murdoch, R. Anderson, “Optimised to fail: card
readers for online banking”, in proceedings of Financial
Cryptography and Data Security, LNCS 5628, pp. 184-200,
2009.
[58] M. Roland, J. Langer, J. Scharinger, “Applying relay attacks to
Google Wallet”, in 5th IEEE International Workshop on Near
Field Communication, pp. 1-6, 2013.
[59] NXP, “MF1PLUSx0y1 - Mainstream Contactless Smart Card IC
for Fast and Easy Solution Development”, Product Short Data
Sheet, Rev. 3.2, 2011.
[60] G.P. Hancke, M.G. Kuhn, “An RFID distance bounding
protocol”, in proceedings of the First International
Conference on Security and Privacy for Emerging Areas in
Communications Networks - SecureComm2005, pp. 67-73,
2005.
[61] H. Jannati, “Analysis of relay, terrorist fraud and distance
fraud attacks on RFID systems”, International Journal of
Critical Infrastructure Protection, Vol. 11, pp. 51-61, 2015.
[62] B. Danev, T.S. Heydt-Benjamin, S. Capkun, “Physical-layer
identification of RFID devices”, in proceedings of the 18th
Conference on USENIX Security Symposium, pp. 199-214,
2009.
[63] C. Swedberg, “Zwipe offers fingerprint-authenticated RFID
access-control card”, RFID Journal,
http://www.rfidjournal.com/articles/view?11288/ 2013.
[64] S.J. Murdoch, S. Drimer, R. Anderson, M. Bond, “Chip and PIN
is Broken”, in IEEE Symposium on Security and Privacy,
pp. 433-446, 2010.
[65] S.J. Murdoch, “Reliability of chip & PIN evidence in banking
disputes”, Digital Evidence & Electronic Signature Law
Review, Vol. 6, pp. 98-115, 2009.