Hand in Your Pocket Without You Noticing - Current State of Mobile Wallet Security
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the vulnerabilities in popular mobile payment services like Apple Pay, Google Pay, and Samsung Pay in this 37-minute Black Hat conference talk. Discover how these seemingly secure systems can be exploited for fraud, particularly in public transport schemes. Learn about inconsistencies in contactless payments that allow malicious actors to defraud victims without physical access to their phones. Delve into the technical aspects of mobile wallet operations, including cryptogram requests and card mixup attacks. Examine specific vulnerabilities in Visa cards and transport modes, with a focus on Apple Pay and Mastercard. Gain insights into the current state of mobile wallet security and understand why these services may not adequately protect users against potential threats.
Syllabus
Introduction
Fraud against mobile wallets
How mobile wallets work
Background
Cryptogram Request
Can I use this data to make a purchase
Card mixup attack
Visa card attack
Transport mode
Apple Pay
Mastercard
Detective Story
Conclusion
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube