NFC-enabled Attack on Cyber Physical Systems: A Practical Case Study


Automated fare collection (AFC) systems have been widely applied to practical transportation due to their convenience. Although there are many potential threats of NFC such as eavesdropping, data modification, and relay attacks, NFC based AFC systems are considered secure, due to the limited 10cm communication distance. Nevertheless, the proliferation of NFC-equipped mobile phones make such system venerable. We introduce and implement an attack on AFC cards that permits an attacker to top up his smart card and get a refund. We also propose possible countermeasures to defend against these attacks.

In Proceedings of the 36th Annual IEEE International Conference on Computer Communications Workshops (INFOCOM Workshops 2017)
Research Assistant Professor

My research interests include IoT security, AIoT, and edge computing.