Presented at
Black Hat USA 2017,
July 27, 2017, 9 a.m.
(25 minutes).
When people ask about wireless payments (PayPass, ApplePay, SamsungPay, etc), everyone certainly claims that ApplePay is one of the most secure systems. The separate microprocessor for payments (Secure Enclave), absence of card data storing/transmitting in plaintext during payments look like an ideal defense. However, the devil is in the details! We'll present a specially developed opensource utilities which demonstrates how hackers can reconnect your card to their iPhone or make fraudulent payments directly on the victim's phone, even without a jailbreak.
Presenters:
-
Timur Yunusov
- Senior Expert, Positive Technologies
Timur Yunusov is Senior Expert of Banking systems security and author of multiple research in the field of application security, including "Bruteforce of PHPSESSID," rated in Top Ten Web Hacking This includes techniques of 2012 by WhiteHat Security and "XML Out-Of-Band" shown at the Black Hat EU 2013. Timur is a professional application security researcher who has previously spoken at Black Hat EU, HackInTheBox, Nullcon, NoSuchCon, CanSecWest, Hack In Paris, ZeroNights and Positive Hack Days.
Links:
Similar Presentations: