Researchers at ZTH Zurich have found a severe Vulnerability in contactless cards that allow malicious parties to bypass the need for pin codes using a Man-in-the-middle Principle that allow these hackers to take advantage of the data that is passed between the card and the card machine.

CyberSecurityNews stated that the hackers are required to have a custom Android Application, at least 2 Android Smartphones as well as a stolen card to commit the crime successfully.

 

The system works by using one smartphone as an emulated Point of Sale terminal that is placed near the stolen card, the 2nd smartphone is used as a Card emulator that will transfer modified transaction information to the actual Point of Sale device, the app then sends a signal to the “card terminal emulator” that the cardholder is verified and that no pin is required.

The technicians over at ETH Zurich published a similar exploit with Visa Cards in September 2020 there was no correlation between the VISA and MasterCard at the time as they use different methods of data transmission so it was not apparent that this exploit would affect other carriers

Related Articles

Phishing attacks on the rise

Old mutual has warned that to prevent becoming a victim of fraud it is vital to be wary especially when using transactional, card-based accounts that are linked to savings or cheque accounts. According to the Office of the Banking Ombudsman, these transactional...

New Macs powered by ARM chips might drop in November

A special event may be on the cards for Apple on November 17 as it prepares to launch ARM-powered hardware. Jon Prosser, a tech analyst, tipped off on Twitter that Apple plans to host an ARM Mac event in November, launching its new in-house designed ARM-powered Macs...

D-Link Security Flaw Identified: Do you need a new Router?

Fortinet Labs have recently uncovered that many D-Link routers have a security flaw that is not going to be patched, this leaves the routers vulnerable open for attackers to be able to perform remote code execution with root privileges.  In a statement, they said, "We...

Join Our Newsletter

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque

Stay Up to Date With The Latest News & Updates