HACK NFC ACCESS CARDS & STEAL CREDIT CARD DATA WITH ANDROID FOR FUN &PROFIT presented at Ruxcon 2015

by Babil Golam Sarwar,

Summary : Proximity dependent wireless technologies based on short range radio such as Near Field Communication (NFC) continues to be popular for physical access-control i.e. open doors, crossing security check-points etc. with wearable access cards, and also in global payment systems e.g. Mastercard's Paypass, Visa Paywave i.e. where the user makes a payment just by tapping the card on the merchant's reader.
Although several previous research work demonstrated several vulnerabilities in the NFC protocol and standard used in these systems, the users (and the policy-makers) generally continue to be unaware of the risks.
Therefore this talk focuses on some current widely deployed NFC standards used for access control systems in large institutions (hotels, universities etc.), and financial systems (Paypass, Paywave etc.) and provides easy to follow guidelines and source-code to attack, bypass, sniff and steal personal information from these systems using rather inexpensive Android devices.