Security researchers from ETH Zurich describe an attack on the EMV payment standard in the document The EMV Standard: Break, Fix, Verify and have demonstrated it on Visa credit cards with NFC payment.

The EMV Standard

EMV is the standard used worldwide for payment with chip cards. The standard was developed in the mid-1990s and named after its founders Europay, Mastercard and Visa. In December 2019 more than 80% of all card transactions worldwide used EMV; in many European countries the share reached up to 98%.

Banks have a strong incentive to introduce EMV because of the shift in liability. If a disputed transaction is authorized by a PIN, the consumer is liable. If a paper signature was used to authorize the transaction, the bank is liable. In addition to the shift of liability, the global acceptance of EMV cards is also attributed to their claimed security. Unfortunately, that security is exactly the problem: it has been called into question several times in recent years. There have been man-in-the-middle (MITM) attacks, copied EMV cards and other successful attacks.

Hacking the Visa PIN for NFC payment

David Basin, Ralf Sasse and Jorge Toro from ETH Zurich have now been able to show how easy it is to bypass the PIN request for authorizing NFC payments with Visa cards. As a result, payments above the limit at which transactions via EMV cards require a PIN are possible without entering a PIN. To carry out the attack, the criminals must have access to the EMV card. However, an NFC-capable smartphone that is held against the EMV card could also be used. In addition to the PDF document above, the security researchers describe their attack in this article on GitHub.

To show how easy it is to exploit the vulnerabilities found, the researchers have developed a proof-of-concept Android application. The application implements man-in-the-middle attacks on a relay attack architecture (see the following scheme). The researchers' Android app requires neither root privileges nor any fancy hacks on Android, and has been successfully deployed on Pixel and Huawei devices.

The outermost devices are the real payment terminal (left) and the victim's contactless card (right). The phone near the payment terminal is the attacker's card emulation device and the phone near the victim's card is the attacker's POS emulation device. The attacker's devices communicate with each other via WiFi and with the terminal and card via NFC.