@inproceedings{Silberschneider2013AccessWithoutPermission,
  author        = {Roman Silberschneider and Thomas Korak and Michael Hutter},
  title         = {Access Without Permission: A Practical RFID Relay Attack},
  booktitle     = {Austrian Workshop on Microelectronics -- Austrochip 2013, 21st Edition,, Linz, Austria, October 10},
  year          = {2013},
  pages         = {59--64},
  organization  = {Johannes Kepler University of Linz},
  abstract      = {In this paper, we present a practical relay attack that can be mounted on RFID systems found in many applications nowadays. The described attack uses a self-designed proxy device to forward the RF communication from a reader to a modern NFC-enabled smart phone (Google Nexus S). The phone acts as a mole to inquire a victimӳ card in the vicinity of the system. As a practical demonstration of our attack, we target a widely used accesscontrol application that usually grants access to office buildings using a strong AES authentication feature. Our attack successfully relays this authentication process via a Bluetooth channel (> 50 meters) within several hundred milliseconds. As a result, we were able to impersonate an authorized user and to enter the building without being detected.}
}