Today, we rely on contactless smart cards to perform several critical operations (e.g., payments and accessing buildings). Attacking smart cards can have severe consequences, such as losing money or leaking sensitive information. Although the security protections embedded in smart cards have evolved over the years, those with weak security properties are still commonly used. Among the different solutions, blocking cards are affordable devices to protect smart cards. These devices are placed close to the smart cards, generating a noisy jamming signal or shielding them. Although vendors claim that their blocking cards are reliable, no previous study has ever focused on evaluating their effectiveness. In this paper, we shed light on the security threats to smart cards in the presence of blocking cards, showing that an attacker can bypass them. We analyze blocking cards by inspecting their emitted signal and assessing a vulnerability in their internal design. We propose a novel attack that bypasses the jamming signal emitted by a blocking card and reads the content of the smart card. We evaluate the effectiveness of 11 blocking cards when protecting a MIFARE Ultralight smart card and a MIFARE Classic card. Of these 11 cards, we managed to bypass 8 of them and successfully dump the content of a smart card despite the presence of the blocking card. Our findings highlight that the noise type implemented by the blocking cards strongly affects the protection level achieved by them. Based on this observation, we propose a countermeasure that may lead to the design of effective blocking cards. To further improve security, we released the tool we developed to inspect the spectrum emitted by blocking cards and set up our attack.