Blog November 20, 2018

Launching replay attacks against the Wells Fargo Wallet service

The Wells Fargo Wallet service is susceptible to replay attacks: an attacker can capture a transaction through an altered point-of-sale (PoS) system or a fake terminal, extract the sensitive token it carries, and replay that token later.


Disclaimer

This white paper is a shortened version of the full research. Unfortunately, the bug that makes the exploitation possible has not been fixed yet. The company was notified and informed about the issue; however, the bug is not fixable at the moment.

Timeline

The timeline of events was as follows:

01–20–2018: Discovered
01–22–2018: Retest on different PoS
02–08–2018: Wells Fargo team notified
02–09–2018: Wells Fargo received bug report and PoC
02–09–2018: Scheduled Meeting
02–12–2018: Meeting - NFC Replay
10–05–2018: Notifying Wells Fargo Team about public disclosure
11–20–2018: Published


Introduction

In this post, Salvador Mendoza (@netxing) details the "Wells Fargo Wallet Flaw": a replay attack vulnerability in the Wells Fargo Wallet service that allows an attacker to intercept an APDU (Application Protocol Data Unit) exchange, sniff the sensitive token it carries, and reuse that token in a later transaction.

The Wells Fargo Wallet service is a mobile payment and digital wallet service provided by Wells Fargo. Through NFC (Near Field Communication), users can make contactless payments at NFC-enabled point-of-sale systems, much as with Google Pay or Samsung Pay. To use this functionality, users must first register and add their Wells Fargo credit or debit cards to the service. Once this is complete, the system asks the user whether they want to make Wells Fargo Wallet their active NFC payment method, or to replace the current NFC payment method if another one is already in place.

The tokenization process by Wells Fargo Wallet takes place in the cloud and shares similarities with other tokenized frameworks used by Visa and Mastercard.


Analyzing a Wells Fargo Wallet APDU Transaction

Salvador Mendoza's analysis of a Wells Fargo Wallet APDU transaction is reproduced below.

(XX XX stands in for the masked virtual credit card number)
T: Terminal/PoS commands; W: Wells Fargo Wallet responses

v4.3.2p
ATS:
T: 00 A4 04 00 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 00
W: 6F 34 84 0E 32 50 41 59 2E 53 59 53 2E 44 44 46 30 31 A5 22 BF 0C 1F 61 1D 4F 07 A0 00 00 00 03 10 10 50 0B 56 69 73 61 20 43 72 65 64 69 74 87 01 01 9F 2A 01 03 90 00
T: 00 A4 04 00 07 A0 00 00 00 03 10 10 00
W: 6F 3E 84 07 A0 00 00 00 03 10 10 A5 33 50 0B 56 69 73 61 20 43 72 65 64 69 74 9F 38 18 9F 66 04 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04 BF 0C 08 9F 5A 05 10 08 40 08 40 90 00
T: 80 A8 00 00 23 83 21 F6 20 C0 00 00 00 00 00 00 01 00 00 00 00 00 00 08 40 00 00 00 00 00 08 40 17 11 18 00 06 1A B6 2C 00
W: 77 66 82 02 00 40 94 04 08 03 03 00 57 13 XX XX D2 40 92 01 74 68 00 00 01 04 9F 5F 34 01 00 9F 10 20 1F 43 28 00 A0 00 00 00 00 00 00 00 00 07 74 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9F 26 08 AB B3 1B 5F F1 C1 3C C0 9F 36 02 00 01 9F 6C 02 01 00 9F 6E 04 23 8C 00 00 9F 27 01 80 90 00
T: 00 B2 03 0C 00
W: 70 13 9F 07 02 00 80 5F 28 02 08 40 9F 19 06 04 00 10 00 00 56 90 00
T: 80 CA 9F 17 00
W: 69 85
T: 80 CA 9F 36 00
W: 69 85
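The exchange above is a standard EMV contactless flow: SELECT of the PPSE (2PAY.SYS.DDF01), SELECT of the Visa Credit AID, GET PROCESSING OPTIONS carrying the terminal's PDOL data (including the unpredictable number, tag 9F37), whose response returns Track 2 Equivalent Data (tag 57), the application cryptogram (9F26), the Application Transaction Counter (9F36) and a Cryptogram Information Data (9F27) value of 80 (ARQC, authorise online), followed by READ RECORD and two GET DATA requests that the wallet refuses with 69 85 (conditions of use not satisfied). The Python below is an added example written for this page, not code from the original post or from the research; it decodes those responses from the bytes in the trace. The only assumption is the masked PAN: tag 57 declares 19 bytes, so the run shown as XX XX is filled with eight 00 placeholder bytes, which makes the decoded Track 2 value a constructed stand-in rather than a real card or token number.

```python
"""Decode the Wells Fargo Wallet APDU trace above: BER-TLV, PDOL and Track 2.

Added example written for this page, not code from the original post or the
research. Bytes are copied from the trace. Tag 57 declares 19 bytes, so the
PAN run masked as "XX XX" is 8 bytes; it is filled with 00*8, a constructed
placeholder, not a real card or token number.
"""
from typing import Dict, List, Tuple

# Trace bytes, status word 90 00 included (bytes.fromhex ignores the spaces).
SELECT_AID_RESP = bytes.fromhex(
    "6F 3E 84 07 A0 00 00 00 03 10 10 A5 33 50 0B 56 69 73 61 20 43 72 65 64 69 74"
    " 9F 38 18 9F 66 04 9F 02 06 9F 03 06 9F 1A 02 95 05 5F 2A 02 9A 03 9C 01 9F 37 04"
    " BF 0C 08 9F 5A 05 10 08 40 08 40 90 00")
GPO_CMD = bytes.fromhex(
    "80 A8 00 00 23 83 21 F6 20 C0 00 00 00 00 00 01 00 00 00 00 00 00 00 08 40"
    " 00 00 00 00 00 08 40 17 11 18 00 06 1A B6 2C 00")
GPO_RESP = bytes.fromhex(
    "77 66 82 02 00 40 94 04 08 03 03 00 57 13"
    " 00 00 00 00 00 00 00 00"                       # placeholder for the masked PAN
    " D2 40 92 01 74 68 00 00 01 04 9F 5F 34 01 00 9F 10 20 1F 43 28 00 A0 00 00 00"
    " 00 00 00 00 00 07 74 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
    " 9F 26 08 AB B3 1B 5F F1 C1 3C C0 9F 36 02 00 01 9F 6C 02 01 00"
    " 9F 6E 04 23 8C 00 00 9F 27 01 80 90 00")


def _read_tag(data: bytes, i: int) -> Tuple[str, int]:
    """Read a BER-TLV tag at i; low five bits all set means more tag bytes follow."""
    start = i
    if data[i] & 0x1F == 0x1F:
        i += 1
        while data[i] & 0x80:        # continuation bytes have bit 8 set
            i += 1
    return data[start:i + 1].hex().upper(), i + 1


def parse_tlv(data: bytes) -> List[Tuple[str, bytes]]:
    """Top-level (tag, value) pairs; handles short and long (0x8N) length forms."""
    out, i = [], 0
    while i < len(data):
        tag, i = _read_tag(data, i)
        length, i = data[i], i + 1
        if length & 0x80:
            n = length & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        out.append((tag, data[i:i + length]))
        i += length
    return out


def flatten(data: bytes) -> Dict[str, bytes]:
    """Descend into constructed tags (bit 6 of the first tag byte) -> {primitive tag: value}."""
    found: Dict[str, bytes] = {}
    for tag, value in parse_tlv(data):
        if int(tag[:2], 16) & 0x20:
            found.update(flatten(value))
        else:
            found[tag] = value
    return found


def parse_dol(dol: bytes) -> List[Tuple[str, int]]:
    """A Data Object List is (tag, length) pairs only; the terminal supplies the values."""
    out, i = [], 0
    while i < len(dol):
        tag, i = _read_tag(dol, i)
        out.append((tag, dol[i]))
        i += 1
    return out


def split_dol_data(dol: List[Tuple[str, int]], data: bytes) -> Dict[str, bytes]:
    """Cut the concatenated PDOL values (GPO command, tag 83) back into tagged fields."""
    out, i = {}, 0
    for tag, length in dol:
        out[tag], i = data[i:i + length], i + length
    return out


def decode_track2(t2: bytes) -> Dict[str, str]:
    """ISO 7813 Track 2: PAN, separator D, expiry YYMM, service code, discretionary data."""
    digits = t2.hex().upper().rstrip("F")            # trailing F is padding
    pan, _, rest = digits.partition("D")
    return {"pan": pan, "expiry_yymm": rest[:4], "service_code": rest[4:7],
            "discretionary": rest[7:]}


def decode_trace() -> dict:
    """Extract what each step reveals, including the fields a replay attacker captures."""
    sel = flatten(SELECT_AID_RESP[:-2])
    pdol = parse_dol(sel["9F38"])
    [(tag83, pdol_values)] = parse_tlv(GPO_CMD[5:-1])  # skip CLA INS P1 P2 Lc and Le
    assert tag83 == "83"
    gpo = flatten(GPO_RESP[:-2])
    return {
        "aid": sel["84"].hex().upper(),
        "label": sel["50"].decode("ascii"),
        "pdol": pdol,
        "terminal": split_dol_data(pdol, pdol_values),  # includes 9F37, the unpredictable number
        "track2": decode_track2(gpo["57"]),
        "cryptogram": gpo["9F26"].hex().upper(),         # application cryptogram
        "atc": int.from_bytes(gpo["9F36"], "big"),       # application transaction counter
        "cid": gpo["9F27"][0],                           # 0x80 = ARQC: authorise online
    }


if __name__ == "__main__":
    for key, value in decode_trace().items():
        print(f"{key}: {value}")
```

Running it prints the decoded fields. The Track 2 data, cryptogram and ATC are exactly what a fake terminal captures and what an emulator such as SwipeYours presents again; the ATC (here 0001) is the counter an issuer can compare against earlier authorisations to notice that the same response is being presented twice.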


The Issue

The issue with the Wells Fargo Wallet lies in its failure to implement the expected contactless payment safeguards correctly: the token is not expired within a proper time frame, and the user is not adequately notified when a transmission fails. As a result, the APDU exchange can be captured through a fake terminal, an altered point-of-sale system or social engineering, and sensitive data stolen from the victim without their noticing.


A video demonstrating the interception of a token created by Wells Fargo Wallet can be found here:


In Salvador Mendoza's proof-of-concept attack, he intercepts a token created by Wells Fargo Wallet and pastes it into the SwipeYours Android app. He then shows that the intercepted token, loaded into SwipeYours, is also accepted by the reader. Finally, he makes a real transaction using SwipeYours with the Wells Fargo token.

Countermeasures

As a countermeasure for users of the service, he suggests activating the Wells Fargo Wallet payment method only when necessary, or disabling NFC communication completely, since a malicious actor may be able to intercept a token from the digital wallet without the user being notified.

Possible fixes on the service side include proper transaction start/end notifications, so that an unexpected exchange does not complete silently, and shorter token validity, so that an intercepted token is invalidated before it can be replayed.
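A minimal model of the two service-side countermeasures, as an added example written for this page and not Wells Fargo's or any payment network's authorisation code: credentials provisioned to the wallet carry a time-to-live, and an authorisation is refused when its ATC does not move forward or its cryptogram has already been accepted. The token identifier, timestamps and the TTL of 300 seconds are constructed for the scenario; the first cryptogram value is the one from the trace above and the others are made up.

```python
"""Issuer/token-service side replay guard for contactless authorisations.

Added example written for this page; it models the countermeasures the post
asks for (short token validity, refusal of re-used transaction data) and is
not Wells Fargo's or any network's real authorisation logic. The token id,
timestamps and TTL are constructed; the first cryptogram is the trace's ARQC.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class TokenState:
    provisioned_at: float          # when the cloud handed the device this credential
    highest_atc: int = 0           # ATC (tag 9F36) of the last accepted authorisation
    seen_cryptograms: Set[str] = field(default_factory=set)


class ReplayGuard:
    def __init__(self, credential_ttl_s: float) -> None:
        self.ttl = credential_ttl_s
        self.tokens: Dict[str, TokenState] = {}

    def provision(self, token_id: str, now: float) -> None:
        """Issue (or refresh) a credential; the ATC keeps counting across refreshes."""
        prev = self.tokens.get(token_id)
        self.tokens[token_id] = TokenState(now, prev.highest_atc if prev else 0)

    def authorise(self, token_id: str, atc: int, cryptogram: str, now: float) -> Tuple[bool, str]:
        """Return (approved, reason). Expiry is checked before the replay rules."""
        state = self.tokens.get(token_id)
        if state is None:
            return False, "unknown token"
        if now - state.provisioned_at > self.ttl:
            return False, "credential expired"       # a captured token goes stale quickly
        if cryptogram in state.seen_cryptograms:
            return False, "duplicate cryptogram"     # byte-for-byte replay of a response
        if atc <= state.highest_atc:
            return False, "stale ATC"                # the counter must advance per tap
        state.highest_atc = atc
        state.seen_cryptograms.add(cryptogram)
        return True, "approved"


def run_scenario() -> List[str]:
    """Constructed sequence: genuine tap, two replays, a late replay, then a refresh."""
    guard = ReplayGuard(credential_ttl_s=300)
    guard.provision("token-demo-1", now=0)
    events = [
        (30, 1, "ABB31B5FF1C13CC0"),    # genuine tap at the real PoS
        (45, 1, "ABB31B5FF1C13CC0"),    # attacker replays the captured response
        (50, 1, "0123456789ABCDEF"),    # forged cryptogram but the same ATC
        (400, 2, "FEDCBA9876543210"),   # a second captured tap, replayed after the TTL
    ]
    reasons = [guard.authorise("token-demo-1", atc, ac, now=t)[1] for t, atc, ac in events]
    guard.provision("token-demo-1", now=400)   # the wallet refreshes its credential
    reasons.append(guard.authorise("token-demo-1", 2, "C0FFEE0123456789", now=410)[1])
    return reasons


if __name__ == "__main__":
    for reason in run_scenario():
        print(reason)
```

Two caveats a practitioner should keep in mind. The strict "ATC must increase" rule also rejects a genuine authorisation that arrives out of order (store-and-forward terminals), so production systems allow a bounded window of recent ATCs rather than a single high-water mark. And none of these checks replaces verifying the cryptogram itself under the credential's key, which is what binds the response to the terminal's unpredictable number; this model only detects re-use of data it has already seen.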

Credits

Research by Salvador Mendoza (@netxing)

