Explore a conference talk that delves into a novel attack scenario targeting EMV contactless payment cards. Learn about a combined pre-play and downgrade attack that enables the creation of functional card clones containing credit card data and pre-played authorization codes. Discover how these clones can be used to perform a limited number of EMV Mag-Stripe transactions at any EMV contactless payment terminal. Gain insights into the security concerns surrounding contactless payment infrastructures, particularly in Austria and Germany, and understand how this attack differs from well-known scenarios like relay attacks and skimming. Presented by Michael Roland and Josef Langer from the NFC Research Lab Hagenberg at the University of Applied Sciences Upper Austria, this 27-minute talk challenges common assumptions about the security of contactless payment systems and highlights potential vulnerabilities in EMV technology.
Overview
Syllabus
WOOT '13 - Cloning Credit Cards: A Combined Pre-play and Downgrade Attack on EMV Contactless
Taught by
USENIX