NFC Devices: Security and Privacy

Madlmayr, Gerald; Langer, Josef; Kantner, Christian; Scharinger, Josef

doi:10.1109/ares.2008.105

Cited by 147 publications

(78 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…All read-only and r/w-transponder (without encryption) [12] are in danger; in addition, it cannot be detected by the reader device.…”

Section: Spoofingmentioning

confidence: 99%

“…The attacks range from eavesdropping to data modification, insertion, corruption, and Man-in-the-Middle attacks. In [12], Madlmayr et al…”

Section: Related Workmentioning

confidence: 99%

“…Thus phishing attacks could easily be performed by modifying or replacing tags. [12] This is a simple and inexpensive way to mislead the user. Using signatures on tags and transporters would be suitable way to overcome this issue.…”

Section: Phishingmentioning

confidence: 99%

See 2 more Smart Citations

Survey on Security Threats and Solutions for Near Field Communication

.¹

2014

IJRET

View full text Add to dashboard Cite

show abstract

“…All read-only and r/w-transponder (without encryption) [12] are in danger; in addition, it cannot be detected by the reader device.…”

Section: Spoofingmentioning

confidence: 99%

“…The attacks range from eavesdropping to data modification, insertion, corruption, and Man-in-the-Middle attacks. In [12], Madlmayr et al…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Survey on Security Threats and Solutions for Near Field Communication

.¹

2014

IJRET

View full text Add to dashboard Cite

show abstract

“…When attached to a legitimate surface (say a Red Cross donation appeal poster), a maliciously modified NFC tag interacts with the NFC software on users' smartphones and directs them to a malicious website rather than the Red Cross's. [Madlmayr et al 2008].…”

Section: Md1-lmentioning

confidence: 99%

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

2015

View full text Add to dashboard Cite

Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed websites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.

show abstract

“…However, without the use of end-to-end security (for example, the use of e-cheque), sophisticated phishing attacks can be developed against mobile payment solutions, for example, a phishing attack can be applied against an NFC based mobile phone by modifying or replacing tags [20]: this can mislead the user to submit data to a wrong party. And some SMS based mobile payment solutions require users to submit their account details in clear text to a third party to log on, and this can lead to an SMS phishing attack: by luring users to submit their account details to a wrong phone number.…”

Section: Phishing/credential Harvestingmentioning

confidence: 99%

Mobile Electronic Identity: Securing Payment on Mobile Phones

Chen¹,

Roscoe²

2011

Information Security Theory and Practice. Security and Privacy of Mobile Devices in Wireless Communication

View full text Add to dashboard Cite

Abstract. The pervasive use of mobile phones has created a dynamic computing platform that a large percentage of the population carries routinely. There is a growing trend of integrating mobile phones with electronic identity, giving the phone the ability to prove or support the identity of the owner by containing, for example, a tuple of name, ID, photo and public key. While this helps phone owners prove who they are, it does not prove to them that they are giving their identities to intended parties. This is important in its own right for reasons of privacy and avoiding cases of "identity theft", but all the more important when identity is being provided to support the transfer of value (e.g. in mobile payment) or information. In this paper we show how Human Interactive Security Protocols can support this type of authentication in cases where PKIs are inappropriate, misunderstood or too expensive, concentrating on the case of payment.

show abstract

NFC Devices: Security and Privacy

Cited by 147 publications

References 2 publications

Survey on Security Threats and Solutions for Near Field Communication

Survey on Security Threats and Solutions for Near Field Communication

A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks

Mobile Electronic Identity: Securing Payment on Mobile Phones

Contact Info

Product

Resources

About