Applying Relay Attacks to Google Wallet

Publikation, 2013


M. Roland, J. Langer, J. Scharinger - Applying Relay Attacks to Google Wallet - Proceedings of the 5th International Workshop on Near Field Communication, Zurich, Schweiz, 2013, pp. 1-6


The recent emergence of Near Field Communication (NFC) enabled smartphones resulted in an increasing interest in NFC security. Several new attack scenarios, using NFC devices either as attack plattform or as device under attack, have been discovered. One of them is the software-based relay attack. In this paper we evaluate the feasibility of the software-based relay attack in an existing mobile contactless payment system. We give an in-depth analysis of Google Wallet's credit card payment functionality. We describe our prototypical relay system that we used to sucessfully mount the software-based relay attack on Google Wallet. We discuss the practicability and threat potential of the attack and provide several possible workarounds. Finally, we analyze Google's approach to solving the issue of software-based relay attacks in their recent releases of Google Wallet.