{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T07:02:36Z","timestamp":1768546956045,"version":"3.49.0"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031398278","type":"print"},{"value":"9783031398285","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-39828-5_20","type":"book-chapter","created":{"date-parts":[[2023,8,12]],"date-time":"2023-08-12T16:01:57Z","timestamp":1691856117000},"page":"363-384","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Security Analysis of\u00a0Mobile Point-of-Sale Terminals"],"prefix":"10.1007","author":[{"given":"Mahshid","family":"Mehr Nezhad","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elliot","family":"Laidlaw","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Feng","family":"Hao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,8,7]]},"reference":[{"key":"20_CR1","unstructured":"Adafruit. Adafruit Bluefruit BLE Sniffer. https:\/\/www.adafruit.com\/product\/2269. Accessed 10 May 2022"},{"key":"20_CR2","unstructured":"Android. Safetynet attestation API. https:\/\/developer.android.com\/training\/safetynet\/attestation. Accessed 12 Mar 2023"},{"key":"20_CR3","doi-asserted-by":"crossref","unstructured":"Basin, D., Sasse, R., Toro-Pozo, J.: The EMV standard: break, fix, verify. In: 2021 IEEE Symposium on Security and Privacy (SP), Los Alamitos, CA, USA, pp. 1766\u20131781. IEEE Computer Society (2021)","DOI":"10.1109\/SP40001.2021.00037"},{"key":"20_CR4","unstructured":"Basin, D., Sasse, R., Toro-Pozo, J.: Card brand mixup attack: bypassing the PIN in non-visa cards by using them for visa transactions. In: 30th USENIX Security Symposium (USENIX Security 2021), pp. 179\u2013194. USENIX Association (2021)"},{"key":"20_CR5","unstructured":"Basin, D., Schaller, P., Toro-Pozo, J.: Inducing authentication failures to bypass credit card PINs. In: 32rd USENIX Security Symposium (USENIX Security) (2023)"},{"key":"20_CR6","volume":"52","author":"S Berlato","year":"2020","unstructured":"Berlato, S., Ceccato, M.: A large-scale study on the adoption of anti-debugging and anti-tampering protections in Android apps. J. Inf. Secur. Appl. 52, 102463 (2020)","journal-title":"J. Inf. Secur. Appl."},{"key":"20_CR7","unstructured":"Java Decompiler. Java online decompiler. http:\/\/www.javadecompilers.com\/apk. Accessed 13 May 2022"},{"key":"20_CR8","unstructured":"EMVCo. Worldwide EMV deployment statistics. https:\/\/www.emvco.com\/about-us\/worldwide-emv-deployment-statistics\/. Accessed 11 Jan 2023"},{"key":"20_CR9","unstructured":"Forbes. What is POS and how does it work? https:\/\/www.forbes.com\/advisor\/in\/banking\/what-is-pos-and-how-does-it-work\/. Accessed 11 Jan 2023"},{"key":"20_CR10","unstructured":"Frisby, W., Moench, B., Recht, B., Ristenpart, T.: Security analysis of smartphone point-of-sale systems. In: WOOT, pp. 22\u201333 (2012)"},{"key":"20_CR11","unstructured":"Galloway, L.-A., Yunusov, T.: For the love of money: finding and exploiting vulnerabilities in mobile point of sales systems. https:\/\/leigh-annegalloway.com\/for-the-love-of-money\/. Accessed 11 Jan 2023"},{"key":"20_CR12","unstructured":"United Kingdom Government. 2021 budget plan. https:\/\/www.gov.uk\/government\/publications\/budget-2021-documents. Accessed 01 June 2021"},{"key":"20_CR13","unstructured":"iZettle. In-app pairing guide. https:\/\/developer.zettle.com\/docs\/ios-sdk\/user-guides\/manage-in-app-pairing. Accessed 12 Mar 2023"},{"key":"20_CR14","unstructured":"iZettle. iZettle card reader. https:\/\/www.izettle.com\/. Accessed 11 Jan 2023"},{"key":"20_CR15","unstructured":"MWR Labs. Mission mpossible: Mobile card payment security. https:\/\/www.youtube.com\/watch?v=iwOP1hoVJEE. Accessed 11 Jan 2023"},{"key":"20_CR16","unstructured":"Mastercard. Mastercard tap to pay on iPhone. https:\/\/partner.visa.com\/site\/programs\/visa-ready\/tap-to-phone.html. Accessed 11 Jan 2023"},{"key":"20_CR17","doi-asserted-by":"crossref","unstructured":"Nezhad, M.M., Hao, F.: OPay: an orientation-based contactless payment solution against passive attacks. In: Annual Computer Security Applications Conference, pp. 375\u2013384 (2021)","DOI":"10.1145\/3485832.3485887"},{"key":"20_CR18","unstructured":"Mellen, A., Moore, J., Losev, A.: Mobile Point of Scam: Attacking the Square Reader. Black Hat, USA (2015)"},{"key":"20_CR19","unstructured":"Mitmproxy. How mitmproxy works. https:\/\/docs.mitmproxy.org\/stable\/concepts-howmitmproxyworks\/. Accessed 11 Jan 2023"},{"key":"20_CR20","unstructured":"Patrickfav. APK tool-a tool for reverse engineering Android APK files. https:\/\/ibotpeaches.github.io\/Apktool\/. Accessed 13 May 2022"},{"key":"20_CR21","unstructured":"Patrickfav. Uber APK signer. https:\/\/github.com\/patrickfav\/uber-apk-signer. Accessed 13 May 2022"},{"key":"20_CR22","doi-asserted-by":"crossref","unstructured":"Radu, A.-I., Chothia, T., Newton, C.J.P., Boureanu, I., Chen, L.: Practical EMV relay protection. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 1737\u20131756 (2022)","DOI":"10.1109\/SP46214.2022.9833642"},{"key":"20_CR23","unstructured":"Ryan, M.: Crackle. https:\/\/github.com\/mikeryan\/crackle. Accessed 24 May 2022"},{"key":"20_CR24","unstructured":"Ryan, M.: Bluetooth: with low energy comes low security. In: 7th USENIX Workshop on Offensive Technologies (WOOT 2013) (2013)"},{"key":"20_CR25","unstructured":"shroudedcode. apk-mitm. https:\/\/github.com\/shroudedcode\/apk-mitm. Accessed 13 May 2022"},{"key":"20_CR26","unstructured":"Bluetooth SIG. Bluetooth core specification, v5.2. https:\/\/www.bluetooth.com\/specifications\/specs\/core-specification-5-2\/. Accessed 9 May 2022"},{"key":"20_CR27","unstructured":"Square. Square card reader. https:\/\/squareup.com\/gb\/en. Accessed 11 Jan 2023"},{"key":"20_CR28","unstructured":"Square. What is a card-not-present (CNP) transaction and why does it cost more. https:\/\/squareup.com\/gb\/en\/townsquare\/what-is-a-card-not-present-transaction. Accessed 11 Jan 2023"},{"key":"20_CR29","unstructured":"Sumup. Sumup card reader. https:\/\/www.sumup.com\/en-gb\/. Accessed 11 Jan 2023"},{"key":"20_CR30","unstructured":"Miura Systems. Miura card reader. https:\/\/www.miurasystems.com\/. Accessed 11 Jan 2023"},{"key":"20_CR31","unstructured":"Visa. Visa tap to phone. https:\/\/partner.visa.com\/site\/programs\/visa-ready\/tap-to-phone.html. Accessed 11 Jan 2023"},{"key":"20_CR32","doi-asserted-by":"crossref","unstructured":"Wermke, D., Huaman, N., Acar, Y., Reaves, B., Traynor, P., Fahl, S.: A large scale investigation of obfuscation use in Google Play. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 222\u2013235 (2018)","DOI":"10.1145\/3274694.3274726"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-39828-5_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,26]],"date-time":"2024-10-26T03:04:22Z","timestamp":1729911862000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-39828-5_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031398278","9783031398285"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-39828-5_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"7 August 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canterbury","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 August 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nss-socialsec2023.cyber.kent.ac.uk\/index.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"53","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"9","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.1","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}