British security researchers have found VISA wireless payments vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201455557
Type myhack58
Reporter 佚名
Modified 2014-11-07T00:00:00


Recently, UK Newcastle University, security researcher in the VISA contactless payment card, found a security vulnerability, exploit the vulnerability the attacker is simply using the phone from someone else's wallet to steal large amounts of cash.

Contactless payment card using the encryption chip cryptoprocessor and RFID technology for wireless payment, without the need for the traditional payment method that you want to put Bank card is inserted into the card reader to complete the payment. A portion having the NFC function of the phone you can achieve non-contact payment.

In the UK, this non-contact card 2 0 £ the purchase of credit limit. When shopping, the user need not input PIN code directly brush through to payment. However, the non-contact type card, a vulnerability exists--does not recognize the foreign currency transaction, so cybercriminals can exploit this vulnerability to illicit transfers and illegal transfer of the amount can reach up to 9 9 9,999.99 USD.


Researchers in the 2 1 session of the secure communication and computer session, the details of this during the attack: the attacker through the phone installed on the POS terminal, the pre-set better account of the amount, and then put the phone near the victim's wallet to make illegal transfers.

The project's chief researcher in the findings statement, an attacker would only need one installation of the POS terminal of the mobile phone to complete the huge amount of transfer, without in the trading terminal. But experts fear that criminals might exploit this vulnerability to a small amount of the way to make transfers, so you can either steal the money and very difficult to be traced.

[1] [2] next