YoVDO

Hand in Your Pocket Without You Noticing - Current State of Mobile Wallet Security

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Cryptography Courses Fraud Detection Courses

Course Description

Overview

Explore the vulnerabilities in popular mobile payment services like Apple Pay, Google Pay, and Samsung Pay in this 37-minute Black Hat conference talk. Discover how these seemingly secure systems can be exploited for fraud, particularly in public transport schemes. Learn about inconsistencies in contactless payments that allow malicious actors to defraud victims without physical access to their phones. Delve into the technical aspects of mobile wallet operations, including cryptogram requests and card mixup attacks. Examine specific vulnerabilities in Visa cards and transport modes, with a focus on Apple Pay and Mastercard. Gain insights into the current state of mobile wallet security and understand why these services may not adequately protect users against potential threats.

Syllabus

Introduction
Fraud against mobile wallets
How mobile wallets work
Background
Cryptogram Request
Can I use this data to make a purchase
Card mixup attack
Visa card attack
Transport mode
Apple Pay
Mastercard
Detective Story
Conclusion


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube