2009 International Conference on Availability, Reliability and Security (2009)
Fukuoka Institute of Technology, Fukuoka, Japan
Mar. 16, 2009 to Mar. 19, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2009.46
Near Field Communication (NFC)-enabled mobile phones and services are starting to appear in the field, yet no attempt was made to analyze the security of NFC-enabled mobile phones. The situation is critical because NFC is mostly used in the area of payment and ticketing. This paper presents our approach to security testing of NFC-enabled mobile phones. Our approach takes into account not only the NFC-subsystem but also software components that can be controlled through the NFC-interface. Through our testing approach, we were able to identify a number of previously unknown vulnerabilities, some of which can be exploited for spoofing of tag content, an NFC-based worm, and for Denial-of-Service attacks. We further show that our findings can be applied to real world NFC-services.
NFC, Mobile Phones, Vulnerability Analysis, Fuzzing, Phishing, Spoofing
C. Mulliner, "Vulnerability Analysis and Attacks on NFC-Enabled Mobile Phones," 2009 International Conference on Availability, Reliability and Security(ARES), Fukuoka Institute of Technology, Fukuoka, Japan, 2009, pp. 695-700.