Tag Archive for: contactless

Security researchers discover Apple Pay and Visa contactless payment hack

/in


Photo
Photo (c) martin-dm – Getty Images

A team of security researchers has uncovered a new hack that could allow bad actors to make unauthorized charges through victims’ iPhones. 

In a demonstration to the BBC, researchers from the Computer Science departments of Birmingham and Surrey Universities in the U.K. showed how cyber thieves can exploit a feature in Apple Pay that could leverage unauthorized contactless payments. According to the researchers, the problem lies in how Visa cards are set up in “Express Transit” mode in an iPhone’s wallet. 

Express Transit is an Apple Pay feature that enables commuters to make quick contactless payments without having to unlock their phone. It’s similar to how a commuter might pay for a ride on New York City’s MTA, Los Angeles’ TAP, or Chicago’s CTA. 

How it works

In the demo, researchers showed how easy it was for them to make a Visa payment of £1,000 [$13,460 USD] without unlocking the phone or authorizing the payment. 

All a hacker has to do is set up a commercially available piece of radio equipment near where the iPhone might be used to make a payment, such as a retail store. The hacker can then trick the iPhone into thinking it’s dealing with a legitimate point-of-contact. 

The scary thing is that the crook’s phone and the payment terminal that’s being used don’t need to be anywhere near the victim’s iPhone. “It can be on another continent from the iPhone as long as there’s an internet connection,” said Dr. Ioana Boureanu of the University of Surrey.

Apple and Visa aren’t worried…yet

While the researchers may think the incursion is a real possibility, neither Apple nor Visa are sweating it quite yet. According to the BBC, Apple said the matter was “a concern with a Visa system.” Visa said its payments were secure and attacks of this type were impractical outside of a lab.

Visa told the BBC that it took all security threats seriously, but it says this isn’t something that consumers should worry about. 

“Visa cards connected to Apple Pay Express Transit are secure, and cardholders should continue to use them with confidence,” the company said. “Variations of contactless fraud schemes have been studied in laboratory…

Source…

Researchers find Apple Pay, Visa contactless hack

/in



In a video, researchers demonstrated making a contactless Visa payment of £1,000 from a locked iPhone. Apple said the matter was “a concern with a Visa system”. Visa said payments were secure and …

Source…

Coronavirus Leads to More Use of Contactless Credit Cards and Mobile Payments Despite Cost and Security Concerns – Business Wire

/in

Coronavirus Leads to More Use of Contactless Credit Cards and Mobile Payments Despite Cost and Security Concerns  Business Wire
“mobile security news” – read more

NIST sets the stage for contactless fingerprint readers

/in

Biometric technologies may soon replace cumbersome passwords, but the U.S. National Institute of Technology is looking out to a time when you won’t even have to press your finger onto a grimy fingerprint reader to gain entry to a computer.

NIST has funded a number of companies to make touchless fingerprint readers possible, and is creating a framework for evaluating possible technologies for widespread use.

Touchless fingerprint readers could be particularly useful for quickly identifying large numbers of people, such as a queue entering a controlled facility, NIST contends. Germaphobes would also appreciate the technology, as they would not have to touch potentially germy fingerprint readers to gain access to their computers.

To read this article in full or to leave a comment, please click here

Network World Security