For our security friends in London, our next HACK::SOHO event will be held on 23, November.
Andreea-Ina Radu will present the intricacies of the security issues surrounding contactless mobile payments. Demos will show how vulnerabilities within the EMV (Europay, Mastercard, Visa) payment protocols, together with suboptimal design choices can lead to unauthorised access to payment wallets without any user intervention; specifically, reviewing the concept of relay attacks, wherein malicious actors intercept and relay messages between a contactless EMV bank card and a shop reader, effectively enabling wireless pickpocketing. While mobile payments initially seemed like a security enhancement, due to the necessity of unlocking the device, we will explore how the demands of modern, fast-paced lifestyles and the desire for convenience have counteracted this security progress.
The presentation will finish with a discussion of the vendor responses to responsible disclosure of these issues, and delving into potential remedial measures that could be implemented by any of the parties involved in the mobile payment ecosystem.
HACK::SOHO is a monthly event hosted at our London, UK office for the cybersecurity and hacking community to discuss all things security over food and refreshments.