NFC-enabled Attack on Cyber Physical Systems: A Practical Case Study


Automated fare collection (AFC) systems have been widely applied to practical transportation due to their convenience. Although there are many potential threats of NFC such as eavesdropping, data modification, and relay attacks, NFC based AFC systems are considered secure, due to the limited 10cm communication distance. Nevertheless, the proliferation of NFC-equipped mobile phones make such system venerable. We introduce and implement an attack on AFC cards that permits an attacker to top up his smart card and get a refund. We also propose possible countermeasures to defend against these attacks.

In Proceedings of the 6th IEEE Annual International Workshop on Mission-Oriented Wireless Sensor and Cyber-Physical System Networking
Research Assistant Professor

My research interests include AIoT, edge computing, and mobile security.