Trojan of Things: Embedding Malicious NFC Tags into Common Objects
This addresses a security vulnerability for users of NFC-enabled smartphones, presenting a novel attack vector that is incremental in exploring new threats.
The paper tackles the problem of covert attacks on NFC-enabled mobile devices by embedding malicious NFC tags into common objects like banknotes and clothing, resulting in a proof-of-concept demonstration of severe and sophisticated attacks without user awareness.
We present a novel proof-of-concept attack named Trojan of Things (ToT), which aims to attack NFC- enabled mobile devices such as smartphones. The key idea of ToT attacks is to covertly embed maliciously programmed NFC tags into common objects routinely encountered in daily life such as banknotes, clothing, or furniture, which are not considered as NFC touchpoints. To fully explore the threat of ToT, we develop two striking techniques named ToT device and Phantom touch generator. These techniques enable an attacker to carry out various severe and sophisticated attacks unbeknownst to the device owner who unintentionally puts the device close to a ToT. We discuss the feasibility of the attack as well as the possible countermeasures against the threats of ToT attacks.