Crash and Pay: How to Own and Clone Contactless Payment Devices

by Peter Fillmore
Sept. 18, 2017 1 comment Black Hat belen_caty Pen Testing & Audits

With all this talk about NFC payments (Apple Pay, Google Wallet, etc.), are there claims on your card that can't be cloned? What security mechanisms can prevent this? How can they be subverted to make fraudulent transactions? This talk answers these questions by taking you through how NFC payments work and how you can perform fraudulent transactions with just an off-the-shelf phone and a little bit of software. I'll take you through how you can clone common NFC payment cards; show you the attacks and explain why it is possible. Information will be provided on the inexpensive tools now available for testing NFC devices and how to put together your own testing lab to test for vulnerabilities over these interfaces.

negrii_irina88 8 months ago

I still don't trust paying my jeans with NFC technology. Sounds funny but there are still things to solve with it :) Good article!