2

Now that Android supports Card Emulation on the Nexus 5 with Android 4.4, is it likely that some apps may become available that allow me to effectively duplicate a smartcard (e.g. Smart Card that opens doors in my office) and use my phone in their place?

Would be pretty handy.

Cheers!

Michael Roland
ConnorL

1 Answer

4

No, this is not likely. Typically, copying/cloning arbitrary cards using Android HCE is not possible.

  1. Many access control systems use the card ID (UID) to identify the card (or even to make an access control decision!). With Android HCE, an app cannot set the emulated card ID.

  2. Many access control systems use cards/access tokens that are not based on ISO 14443-4 (ISO-DEP) + ISO 7816-4 smartcard protocol. With Android HCE, an app can only emulate smartcard applications that use ISO 7816-4 APDUs and application structure.

  3. Even if the access control system does not use the card ID and uses an ISO 7816-4 smartcard application, it is very likely that the card contains some cryptographic secret (secret key) that cannot be extracted from the card through smartcard commands.

Michael Roland
  • That's a shame, but thank you for a brilliant answer! – ConnorL Feb 18 '14 at 13:30
  • 1
    I wouldn't call it "a shame" if systems are secure and prevent (3), though it *is* a shame that systems using the principle in (1) even exist in the first place. Btw. while the answer to your question is **no**, this does not prevent system providers from offering their own apps enabling using a phone in an access control system. – Michael Roland Feb 18 '14 at 22:40
  • Hi Michael, who is responsible for setting the card ID? Where is it stored so it cannot be copied/cloned? In the case the HCE application is not a cloud-based solution nor a SE-based one, how is it possible to not copy/clone the app + data by the means of forensic analysis? – D4l3k Jan 18 '16 at 22:26
  • @D4l3k For a fixed UID on tags/smartcards, it's the manufacturer. There the UID is stored in ROM (or possibly OTP memory?) so it cannot be changed. The UID is freely readable (since it's the address used to enumerate tags) and can easily be copied/cloned. For the HCE case that you suggest: Pretty much nothing prevents you from doing that, many developers of HCE solutions just don't want to understand the impact of that. – Michael Roland Jan 23 '16 at 09:06
  • @D4l3k Also see http://stackoverflow.com/q/22878634/2425802 and http://stackoverflow.com/q/21700718/2425802 – Michael Roland Jan 23 '16 at 09:08
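
Added example (not part of the original answer or comments): a small Python model of the two reader designs contrasted in points 1 and 3, showing that a reader which checks only the UID cannot tell a genuine token from one that merely presents the same UID, while a reader that verifies a keyed response can. HMAC-SHA256, the class names and the sample UID are assumptions made for illustration; real cards use their own authentication protocol.

```python
import hashlib
import hmac
import os

class Token:
    """Constructed model of a contactless token: public UID plus a sealed key."""
    def __init__(self, uid: bytes, key: bytes):
        self.uid = uid      # sent in the clear during anticollision
        self._key = key     # no card command returns this value

    def respond(self, challenge: bytes) -> bytes:
        # Prove knowledge of the key without revealing it.
        return hmac.new(self._key, self.uid + challenge, hashlib.sha256).digest()

class UidOnlyReader:
    """Point 1: the access decision rests on the UID alone."""
    def __init__(self, allowed_uids):
        self.allowed = set(allowed_uids)

    def admit(self, token: Token) -> bool:
        return token.uid in self.allowed

class ChallengeResponseReader:
    """Point 3: the reader verifies a keyed response to a fresh challenge."""
    def __init__(self, keys_by_uid):
        self.keys = dict(keys_by_uid)

    def admit(self, token: Token) -> bool:
        key = self.keys.get(token.uid)
        if key is None:
            return False
        challenge = os.urandom(16)  # fresh per attempt, so old responses are useless
        expected = hmac.new(key, token.uid + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, token.respond(challenge))

def compare_readers() -> dict:
    uid, key = bytes.fromhex("04a1b2c3d4e5f6"), os.urandom(16)  # constructed values
    genuine = Token(uid, key)
    same_uid_no_key = Token(uid, os.urandom(16))  # has only what is readable over the air
    uid_reader = UidOnlyReader([uid])
    cr_reader = ChallengeResponseReader({uid: key})
    return {
        "uid_only": (uid_reader.admit(genuine), uid_reader.admit(same_uid_no_key)),
        "challenge_response": (cr_reader.admit(genuine), cr_reader.admit(same_uid_no_key)),
    }

if __name__ == "__main__":
    print(compare_readers())
```

Each tuple is (genuine token admitted, same-UID token without the key admitted).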