All Your Payment Tokens Are Mine - Vulnerabilities of Mobile Payment Systems
Offered By: Black Hat via YouTube
Course Description
Overview
Explore vulnerabilities in popular mobile payment systems in this 23-minute Black Hat conference talk. Discover how offline payment schemes, designed for smooth user experiences in poor network conditions, can expose security weaknesses. Learn about practical attacks on MST-based mobile payments, sound pay systems, and QR code payments through sniffing and interruption techniques. Examine a critical security flaw and bonus attacks involving token sniffing and protection. Gain insights into potential remedies for these vulnerabilities, enhancing your understanding of mobile payment security challenges and solutions.
Syllabus
Intro
Mobile payment is so popular!
Mobile payment don't use network
Offline payment schemes
Security weak points
Security is not that bad
Practical Attacks
MST based mobile payment
Devices used to attack MST
Attack Sound Pay
Attack QR code payment, sniffing
Attack QR code payment, interrupting
A security flaw
Bonus attack, token sniffing
Bonus attack, token protection
Remedy
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube