Hand in Your Pocket Without You Noticing - Current State of Mobile Wallet Security

Explore the vulnerabilities in popular mobile payment services like Apple Pay, Google Pay, and Samsung Pay in this 37-minute Black Hat conference talk. Discover how these seemingly secure systems can be exploited for fraud, particularly in public transport schemes. Learn about inconsistencies in contactless payments that allow malicious actors to defraud victims without physical access to their phones. Delve into the technical aspects of mobile wallet operations, including cryptogram requests and card mixup attacks. Examine specific vulnerabilities in Visa cards and transport modes, with a focus on Apple Pay and Mastercard. Gain insights into the current state of mobile wallet security and understand why these services may not adequately protect users against potential threats.

Introduction
Fraud against mobile wallets
How mobile wallets work
Background
Cryptogram Request
Can I use this data to make a purchase
Card mixup attack
Visa card attack
Transport mode
Apple Pay
Mastercard
Detective Story
Conclusion