Today, we rely on contactless smart cards to perform several critical operations (e.g., payments and accessing buildings). Attacks on smart cards can have severe consequences, such as losing money or leaking sensitive information. Although the security protections embedded in smart cards have evolved over the years, cards with weak security properties are still commonly used. Among the different solutions, blocking cards are affordable devices to protect smart cards. These devices are placed close to the smart cards and either generate a noisy jamming signal or shield them. Although vendors claim that their blocking cards are reliable, no previous study has evaluated their effectiveness. In this paper, we shed light on the security threats to smart cards even in the presence of blocking cards, showing that blocking cards can be bypassed by an attacker. We analyze blocking cards by inspecting their emitted signal and assessing a vulnerability in their internal design. We propose a novel attack that bypasses the jamming signal emitted by a blocking card and reads the content of the smart card. We evaluate the effectiveness of 14 blocking cards when protecting a MIFARE Ultralight smart card and a MIFARE Classic card. We demonstrate that the protection of 8 of the 14 blocking cards we evaluate can be successfully bypassed to dump the content of the smart card. Based on this observation, we propose a countermeasure that may lead to the design of effective blocking cards. To assist further security improvement, the tool that we developed to inspect the spectrum emitted by blocking cards and set up our attack is released as open source.