The recent emergence of Near Field Communication (NFC) enabled smartphones 
resulted in an increasing interest in NFC security. Several new attack 
scenarios, using NFC devices either as attack plattform or as device under 
attack, have been discovered. One of them is the software-based relay attack. 
In this paper we evaluate the feasibility of the software-based relay attack 
in an existing mobile contactless payment system. We give an in-depth 
analysis of Google Wallet's credit card payment functionality. We describe 
our prototypical relay system that we used to sucessfully mount the 
software-based relay attack on Google Wallet. We discuss the practicability 
and threat potential of the attack and provide several possible workarounds. 
Finally, we analyze Google's approach to solving the issue of software-based 
relay attacks in their recent releases of Google Wallet.