NFCGate: Opening the Door for NFC Security Research with a Smartphone-Based Toolkit
This work provides a practical tool for security researchers to study NFC protocols more affordably and accessibly, though it is incremental as it builds on an existing proof of concept.
The authors tackled the problem of expensive and limited hardware for NFC security research by developing NFCGate, a smartphone-based toolkit that enables in-flight traffic analysis, modification, relay, and replay attacks, and used it to analyze an enterprise-level NFC lock, revealing security issues.
Near-Field Communication (NFC) is being used in a variety of security-critical applications, from access control to payment systems. However, NFC protocol analysis typically requires expensive or conspicuous dedicated hardware, or is severely limited on smartphones. In 2015, the NFCGate proof of concept aimed at solving this issue by providing capabilities for NFC analysis employing off-the-shelf Android smartphones. In this paper, we present an extended and improved NFC toolkit based on the functionally limited original open-source codebase. With in-flight traffic analysis and modification, relay, and replay features this toolkit turns an off-the-shelf smartphone into a powerful NFC research tool. To support the development of countermeasures against relay attacks, we investigate the latency incurred by NFCGate in different configurations. Our newly implemented features and improvements enable the case study of an award-winning, enterprise-level NFC lock from a well-known European lock vendor, which would otherwise require dedicated hardware. The analysis of the lock reveals several security issues, which were disclosed to the vendor.