CarderPlanet
Professional
Researchers at the Swiss Higher Technical School of Zurich have found a way to bypass PIN protection on Mastercard and Maestro contactless cards. At the moment, the vulnerability has already been fixed.
A loophole identified by experts allowed attackers to use stolen bank cards for large purchases without having to enter a PIN code for contactless payments. Worst of all, the scenario described by the researchers can be reproduced in a real situation, moreover, the attack is extremely invisible. Experts even fear that new bugs of this kind will lead to their mass exploitation.
To carry out such an attack, an attacker would have to "wedge" between a stolen card and a payment terminal (PoS). In fact, this is the same Man-in-the-Middle (MitM), only with a slightly different interpretation. The offender in this case will need:
A loophole identified by experts allowed attackers to use stolen bank cards for large purchases without having to enter a PIN code for contactless payments. Worst of all, the scenario described by the researchers can be reproduced in a real situation, moreover, the attack is extremely invisible. Experts even fear that new bugs of this kind will lead to their mass exploitation.
To carry out such an attack, an attacker would have to "wedge" between a stolen card and a payment terminal (PoS). In fact, this is the same Man-in-the-Middle (MitM), only with a slightly different interpretation. The offender in this case will need:
- stolen bank card;
- two smartphones on Android;
- a custom Android application that can interact with transaction fields. This application, which needs to be installed on both smartphones, will work as emulators.