Security flaw affecting Visa cards allows hackers with Android-powered smartphones to make contactless payments

A recent study by researchers at the Zurich Polytechnic has revealed a flaw, and not a minor one.

They were able to identify a vulnerability affecting Visa contactless payment cards, using an application they developed that runs on Google's operating system, Android. Without resorting to any hacking or system intrusion, the researchers were able to take advantage of some developer privileges typically related to the contactless payment platform.

The attack is based on the principle of intercepting and modifying the information exchanged between the contactless payment card and the terminal that receives that information to make the payment.

It should be noted that the researchers did not use any secret code to pull off this feat. The security flaw that allowed the hacking was revealed in a publication by u on the website of the Swiss Polytechnic on September 1, 2020.

This discovery is quite important for banks but also for consumers. Indeed, the protocol used for this kind of payment system (Mastercard, VISA, Europay) has been in existence since the 1990s. It is now used in nearly 9 billion payment cards worldwide. According to researchers at the Zurich Polytechnic, MasterCard cards are exposed to the security breach.

After the discovery, the Visa consortium reacted immediately. We can only observe that it is trying to minimize the scope of the security flaw. "Changes in step-by-step fraud methods have been studied for almost a decade. During this period, no such fraud was reported. Studies and tests can be interesting, but in reality these kinds of methods have proven unfeasible to be implemented by fraudsters in the real world."

Yet both of the study's experts have stated that they did indeed try their methods in a real situation, and that the method is simple enough to set up: fooling the system does not require a particularly complex setup. The Android smartphones used were Google Pixel and Huawei models. To do so, one simply needs to have the card in one's possession. For this, the cybercriminal can simply steal it.

The researchers explain that the security flaw comes down to the fact that the data exchanged between the payment device and the card is not authenticated. "We have identified several authentication flaws. One of the flaws discovered leads to an attack that bypasses the PIN code for transactions that are normally protected by a check of the card owner," the researchers explain. They then recommend the use of metallic items that will prevent this critical data from being used remotely.

