Apple AirTag ‘hack’ indicates dynamic NFC capability
A hacker has reprogrammed the microcontroller in one of Apple’s new AirTag location tracking devices to make the NFC tag within it point to an arbitrary URL... More
Hack
PayPal fixes Google Pay integration exploit
PayPal says it has now fixed an issue with its Google Pay integration that saw multiple users reporting that unauthorized transactions were appearing in their PayPal history, ZDNet reports... More
Researchers showcase method for bypassing contactless card limit
Hack breaks your Visa card’s contactless limit for big frauds — Forbes — “To carry out their hack, the researchers used a specialised piece of hardware to intercept and insert messages in the communications between the card and the reader. For instance, they could tell the card that verification — like a PIN — wasn’t needed, even though the requested amount was more than £30. They then told the terminal that verification has already been made by another means.”
7-Eleven Japan halts QR payments rollout after hackers steal $500k in two days
Seven-Eleven mobile pay hack hits Japan’s drive to go cashless — Nikkei Asian Review — “Japan’s second-largest retail group by sales on Monday rolled out 7pay, which lets users make purchases with a smartphone app at Seven-Eleven Japan’s roughly 21,000 stores nationwide… By early Thursday, Seven & i had confirmed about 55 million yen ($510,000) stolen from 900 or so 7pay users. The company has in effect suspended the service by stopping users from adding money to their accounts.”
Federal Trade Commission to investigate Equifax data breach
FTC probes Equifax, top Democrat likens it to Enron — Reuters — “The US Federal Trade Commission said on Thursday it was investigating Equifax Inc’s massive data breach, and a top Democrat suggested the credit monitoring company’s corporate leaders might need to resign… Senate Democratic leader Chuck Schumer compared Equifax to Enron, the US energy company that filed for bankruptcy in 2001 after revelations of a widespread accounting fraud.”
Samsung says iris scanner hack could “only have been made under a rare combination of circumstances”
Samsung has responded to the group of hackers from the Chaos Computer Club (CCC) who managed to defeat the iris recognition system on the Samsung Galaxy S8 and S8+ smartphones, saying that the hackers’ claims could “only have been made under a rare combination of circumstances”. More
Hackers defeat Samsung Galaxy S8 iris scanner
Hackers defeat Samsung Galaxy S8 iris scanner — Security Week — “Hackers of the Chaos Computer Club (CCC) in Germany have managed to defeat the iris recognition system on Samsung’s flagship Galaxy S8 smartphones… While an individual’s iris is unique, researchers from CCC showed that Samsung’s iris scanner can be defeated by showing it a picture of the victim’s eye.”
Jailbreak developer hacks NFC on iPhone 6S to talk to NFC devices
Jailbreak developer hacks NFC on iPhone 6S to talk to NFC devices — 9to5Mac — “In a brief video, the well-known developer showcases a jailbroken iPhone 6S interacting with an NFC-enabled tag. The phone promptly responds to the presence of the tag with a notification identifying the tag.”
Mobile payments to replace cash and cards by 2030?
Seven in ten consumers (70%) believe that 2030 will be the year that mobile payments become secure enough for traditional payment methods such as cash and cards to no longer be required, the IEEE’s Global Cyber-security Survey has found... More
Samsung responds to LoopPay hack
Samsung has responded to a New York Times report that claimed a hacking group affiliated with the Chinese government penetrated the corporate network of LoopPay, the inventor of Magnetic Secure Transmission (MST) technology that was acquired in February to form a core part of Samsung Pay... More
NYT reports on LoopPay breach
A hacking group affiliated with the Chinese government penetrated the corporate network of LoopPay, the inventor of the Magnetic Secure Transmission (MST) technology that was acquired in February 2015 to form a core part of Samsung Pay, the New York Times reports... More
Apple Watch vulnerability could let thieves use Apple Pay
A video published by a group of hackers has demonstrated how a stolen Apple Watch could be used by the thief to make payments using Apple Pay without them having to authenticate the transactions in any way — as long as they are quick. More
Starbucks denies mobile payment hack
Starbucks has issued a statement denying its mobile payment app has been hacked, following a report by investigative journalist Bob Sullivan... More
MCX suffers email address data breach
“Within the last 36 hours, we learned that unauthorized third parties obtained the email addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app,” retailer-owned mobile payments consortium MCX has revealed... More
NXP CEO: NFC secure elements will continue to see strong demand
“We feel very comfortable with the strength of the secure element,” NXP Semiconductors CEO Rick Clemmer has told analysts during the chip maker’s second quarter earnings call... More
Italian hackers reveal ‘infinite rides’ ticket exploits
Two Italian hackers have told the Defcon convention about a pair of vulnerabilities in some contactless transportation ticketing systems that allow tickets to be altered by an NFC phone to give unlimited free rides... More
NXP responds to NFC transit security hack
Researchers at Intrepidus Group have demonstrated how an Android NFC phone can be used to add value to a transit card without paying but, says NXP, the vulnerability is limited to transportation card issuers that haven’t upgraded from Mifare Ultralight to the newer Mifare Ultralight C technology. More
Forum responds to Black Hat presentation on NFC vulnerabilities
“The NFC Forum works to ensure that tools are available to allow applications to operate with the appropriate level of security,” says the industry standards body. “Mr Miller’s demonstration underscores the importance of providing appropriate security measures at the application layer and enabling users to adjust security settings to suit their own needs and preferences.” More
Security researcher to present on NFC at Black Hat
Noted security researcher Charlie Miller is to present the findings from his research into NFC P2P and tag reading vulnerabilities at Black Hat 2012 today... More
Wallet users get $5 credit
Google is topping up Google Wallet prepaid card accounts with an extra US$5 credit, The Verge reports... More
