Attacks and fixes in mobile contactless payments

Project specs

Format

2D

Contact

Johanna Steiner-Gosden

Country

UK

Length

02:33

Summary

Researchers from University of Surrey and University of Birmingham, working on the TimeTrust project, demonstrated a security vulnerability in mobile contactless payments. In this attack, concerning ApplePay and Visa, a perpetrator can use a mobile app to steal money out of an Apple Wallet, without unlocking the victim’s phone. Reported to Apple and Visa in 2021, this vulnerability is still live. The researchers proposed several solutions to prevent and stop such attacks, and are now also working with ISO/IEC for an amendment of the ISO/IEC 14443 standard to alleviate this problem in a particular way.

Researcher Profile

How can satellites improve coastal knowledge and support erosion…

Monitoring historical coastal erosion is the first step in being…