Beware of Pickpockets: A Practical Attack against Blocking Cards

02/17/2023
by Marco Alecci, et al.

Today, we rely on contactless smart cards to perform several critical operations (e.g., payments and accessing buildings). Attacking smart cards can have severe consequences, such as losing money or leaking sensitive information. Although the security protections embedded in smart cards have evolved over the years, those with weak security properties are still commonly used. Among the different solutions, blocking cards are affordable devices to protect smart cards. These devices are placed close to the smart cards, generating a noisy jamming signal or shielding them. Whereas vendors claim the reliability of their blocking cards, no previous study has ever focused on evaluating their effectiveness. In this paper, we shed light on the security threats to smart cards even in the presence of blocking cards, showing that blocking cards can be bypassed by an attacker. We analyze blocking cards by inspecting their emitted signal and assessing a vulnerability in their internal design. We propose a novel attack that bypasses the jamming signal emitted by a blocking card and reads the content of the smart card. We evaluate the effectiveness of 14 blocking cards when protecting a MIFARE Ultralight smart card and a MIFARE Classic card. We demonstrate that the protection of 8 of the 14 blocking cards we evaluate can be successfully bypassed to dump the content of the smart card. Based on this observation, we propose a countermeasure that may lead to the design of effective blocking cards. To assist further security improvement, the tool that we developed to inspect the spectrum emitted by blocking cards and set up our attack is made available as open source.
