The Future of ApplePwn - How to Save Your Money

Presented at Black Hat USA 2017, July 27, 2017, 9 a.m. (25 minutes)

When people ask about wireless payments (PayPass, ApplePay, SamsungPay, etc), everyone certainly claims that ApplePay is one of the most secure systems. The separate microprocessor for payments (Secure Enclave), absence of card data storing/transmitting in plaintext during payments look like an ideal defense. However, the devil is in the details! We'll present a specially developed opensource utilities which demonstrates how hackers can reconnect your card to their iPhone or make fraudulent payments directly on the victim's phone, even without a jailbreak.

Presenters:

• Timur Yunusov - Senior Expert, Positive Technologies
  Timur Yunusov is Senior Expert of Banking systems security and author of multiple research in the field of application security, including "Bruteforce of PHPSESSID," rated in Top Ten Web Hacking This includes techniques of 2012 by WhiteHat Security and "XML Out-Of-Band" shown at the Black Hat EU 2013. Timur is a professional application security researcher who has previously spoken at Black Hat EU, HackInTheBox, Nullcon, NoSuchCon, CanSecWest, Hack In Paris, ZeroNights and Positive Hack Days.

Links:

• https://www.blackhat.com/us-17/briefings/schedule/#the-future-of-applepwn---how-to-save-your-money-6430
• https://www.youtube.com/watch?v=mGmT0Rd838w
• https://www.blackhat.com/docs/us-17/thursday/us-17-Yunusov-The-Future-Of-Applepwn-How-To-Save-Your-Money.pdf

Similar Presentations:

• Black Hat Europe 2019 / First Contact - Vulnerabilities in Contactless Payments
• LayerOne 2018 / Hack In, Cash Out: Hacking and Securing Payment Technologies
• ekoparty 14 (2018) / Security in Digital Payments: Inside the Mind of the Attacker