Hand in Your Pocket Without You Noticing: Current State of Mobile Wallet Security

Presented at Black Hat Europe 2021, Nov. 10, 2021, 1:30 p.m. (40 minutes)

Apple Pay, Google Pay, and Samsung Pay are the de-facto payment services for mobile users. Their growth and popularity during COVID-19 have given mobile users the option to pay with ease, often without the need to touch a payment terminal. Mobile wallets are considered by many to be state-of-the-art when it comes to payment security. But in fact, these brands do not protect their customers well enough against malicious actors. They only protect themselves.

In our research, we've found inconsistencies in "contactless payments for public transport" schemes that lead to potential fraud using lost or stolen mobile phones. We successfully defrauded victims using stores located around the planet without the phone ever leaving the victim's pocket.

This talk will delve into the fascinating world of contactless payments on mobile wallets and the background of its infrastructure and liability rules.


Presenters:

  • Timur Yunusov - Senior Expert, Positive Technologies
    Timur Yunusov is a Security Expert in the area of payment security and application security, and one of the organisers of Payment Village. He has authored multiple pieces of research in the field of payment security. He regularly speaks at conferences and has previously spoken at CanSecWest, Black Hat USA, Black Hat Europe, HackInTheBox, Nullcon, NoSuchCon, Hack In Paris, ZeroNights and Positive Hack Days.
