Can You Get into the Middle of Near Field Communication?

A recent development emanating from the widely used RFID technology is Near Field Communication (NFC). Basically, NFC is a popular short range (<10cm) wireless communication technology with applications in areas sensitive to security and privacy concerns including contact-less payment. Since NFC communications require very close proximity between two communicating devices (for example a smartcard and a reader), it is generally believed that Man-in-the-Middle (MITM) attacks are practically infeasible here. On the contrary to this general belief, in this paper, we successfully establish MITM attacks in NFC communications between a passive tag and an active reader. We present physical fundamentals of the attack, our engineering design, and results of our successful implementation. We also present practical impacts of the attack from the perspective of how a malicious user can leverage our MITM attack to compromise integrity of contact-less payment transactions. Finally, we present insights to combat the MITM attack in NFC communications towards the end of the paper.