Range extension attacks on contactless smart cards

Yossef Oren, Dvir Schirman, Avishai Wool

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


The security of many near-field RFID systems such as credit cards, access control, e-passports, and e-voting, relies on the assumption that the tag holder is in close proximity to the reader. This assumption should be reasonable due to the fact that the nominal operation range of the RFID tag is only few centimeters. In this work we demonstrate a range extension setup which breaks this proximity assumption. Our system allows full communications with a near-field RFID reader from a range of 115cm - two orders of magnitude greater than nominal range - and uses power that can be supplied by a car battery. The added flexibility offered to an attacker by this range extension significantly improves the effectiveness and practicality of relay attacks on real-world systems.

Original languageEnglish
Title of host publicationComputer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings
Number of pages18
StatePublished - 4 Oct 2013
Event18th European Symposium on Research in Computer Security, ESORICS 2013 - Egham, United Kingdom
Duration: 9 Sep 201313 Sep 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8134 LNCS


Conference18th European Symposium on Research in Computer Security, ESORICS 2013
Country/TerritoryUnited Kingdom


  • Contactless smart card
  • ISO/IEC 14443
  • RFID
  • Relay attack

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Range extension attacks on contactless smart cards'. Together they form a unique fingerprint.

Cite this