Overview
Explore vulnerabilities in popular mobile payment systems in this 23-minute Black Hat conference talk. Discover how offline payment schemes, designed for smooth user experiences in poor network conditions, can expose security weaknesses. Learn about practical attacks on MST-based mobile payments, sound pay systems, and QR code payments through sniffing and interruption techniques. Examine a critical security flaw and bonus attacks involving token sniffing and protection. Gain insights into potential remedies for these vulnerabilities, enhancing your understanding of mobile payment security challenges and solutions.
Syllabus
Intro
Mobile payment is so popular!
Mobile payment doesn't use the network
Offline payment schemes
Security weak points
Security is not that bad
Practical Attacks
MST based mobile payment
Devices used to attack MST
Attack Sound Pay
Attack QR code payment, sniffing
Attack QR code payment, interrupting
A security flaw
Bonus attack, token sniffing
Bonus attack, token protection
Remedy
Taught by
Black Hat