Tag Archive for: Unauthorized

Security Experts Warn of Apple Pay Express Transit Hack That Enables Large Unauthorized Visa Payments From Locked iPhones

/in


Researchers in the U.K. have demonstrated how large unauthorized contactless payments can be made on locked iPhones by exploiting Apple Pay’s Express Transit feature when set up with Visa.

apple pay express transit london
Express Transit is an ‌Apple Pay‌ feature that allows for tap-and-go payment at ticket barriers, eliminating the need to authenticate with Face ID, Touch ID, or a passcode. The device does not need to be wakened or unlocked to use Express Transit.

Computer Science researchers from Birmingham and Surrey Universities demonstrated to the BBC how the attack works by exploiting a weakness in the Visa contactless system through the use of a small piece of commercially available radio equipment, which is placed near the phone and masquerades as a ticket barrier.

An Android phone running an app developed by the researchers is used to relay signals from the iPhone to a contactless payment terminal and modifies the communications to fool the terminal into acting as if the ‌iPhone‌ has been unlocked and a payment authorized.

In demonstrating the attack, researchers made a contactless Visa payment of £1,000 from a locked ‌iPhone‌. The scientists only took money from their own accounts. The researchers said the Android phone and payment terminal used don’t need to be near the victim’s ‌iPhone‌ as long as there’s an internet connection.

Apple told the BBC the matter was an issue with the Visa system.

“We take any threat to users’ security very seriously,” said Apple. “This is a concern with a Visa system but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place. In the unlikely event that an unauthorized payment does occur, Visa has made it clear that their cardholders are protected by Visa’s zero liability policy.”

The researchers said the attack might be easiest to deploy against a stolen ‌iPhone‌, although there’s no evidence that the hack has been used in the wild. Visa said payments were secure and attacks of this type were impractical outside of a lab.

“Visa cards connected to Apple Pay Express Transit are secure, and cardholders should continue to use them with confidence,” said a Visa spokesperson….

Source…

These eight Android apps make unauthorized purchases and need to be uninstalled now!

/in


McAfee said that the infected apps were disguised as photo editors, wallpapers, puzzles, keyboard skins, and other camera-related apps. To get past the Google bouncers, the apps would be clean when submitted to the Play Store, and various updates added the malicious code later on. But once again, our tried and true way to find malicious apps would have kept you from being charged for purchases that you didn’t authorize and taken to the cleaners.

If you’re a loyal PhoneArena reader you know that we often tell you that browsing through the comments section for red flags can save you from installing a malicious and problematic app. Look at the comments that accompany this article and you’ll see perfect examples of what you should look for. McAfee calls this malware Android/Etinu.

McAfee says that Etinu is similar to another family of Android malware known as Joker which also hijacks text messages and makes unauthorized purchases while the victim pays. Even though Google removed them from the Play Store, they can still be on your phone. The eight apps that need to be uninstalled if found on your Android device include:

  • com.studio.keypaper2021
  • com.pip.editor.camera
  • org.my.favorites.up.keypaper
  • com.super.color.hairdryer
  • com.ce1ab3.app.photo.editor
  • com.hit.camera.pip
  • com.daynight.keyboard.wallpaper
  • com.super.star.ringtones

McAfee says, “The McAfee Mobile Research team continues to monitor these threats and protect customers by analyzing potential malware and working with app stores to remove it. Further, using McAfee Mobile Security can detect such threats and protect you from them via its regular updates. However, it’s important to pay attention to apps that request SMS-related permissions and Notification Listener permissions…legitimate photo and wallpaper apps…

Source…

FBI finds 79,100 Georgia medical center patients’ data on unauthorized computer

/in


Jackie Drees

Griffin, Ga.-based Family Medical Center, part of Gore Medical Management, recently began notifying patients that their personal information may have been exposed through a hacking incident in 2017.

Gore Medical Management reported the breach to HHS Feb. 8 as affecting 79,100 individuals. In a notice published on its website, the medical center said the FBI notified it of the data theft in November 2020 after finding the stolen files on a third-party computer that was not part of Family Medical Center’s practice.

Patient information exposed included names, addresses, dates of birth and Social Security numbers. The stolen files did not contain healthcare or financial records, according to the notice.

The hacker did not access Family Medical Center’s medical records database to steal the patient data. The medical center said it discovered and eliminated the access point the hacker used several months after the breach.

The medical center is offering one year of free identity protection and credit-monitoring services to affected patients as a result of the incident.

More articles on cybersecurity:
CISA warns of vulnerabilities in file transfer services after ransomware attacks on Centene, Kroger
Email hack exposes 45,000 patients’ data at Covenant HealthCare
Pandemic drove uptick in cyberattacks: 3 report findings


© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

Source…

Namogoo raises $40M to stop unauthorized ad injections and ‘customer journey hijacking’ – TechCrunch

/in

Namogoo raises $ 40M to stop unauthorized ad injections and ‘customer journey hijacking’  TechCrunch
“HTTPS hijacking” – read more