Cybersecurity researchers have recently detected an attack that could easily enable threat actors to trick a point-of-sale terminal into transacting with a victim's Mastercard contactless card while treating it as a Visa card.
The research was published by a group of academics from ETH Zurich, who reported the threat last September. EMV, named after its founders Europay, Mastercard, and Visa, is the international protocol standard for in-store smartcard payment.
As of December 2019, EMV was reported to be running in over 9 billion credit and debit cards worldwide. Although the standard advertises its security, it has solved several issues that were revealed earlier.
The experts developed a proof-of-concept Android application to demonstrate the attack. The app implements the attacks as man-in-the-middle attacks built on top of a relay attack architecture, using two NFC-enabled phones.
The threat actors must have access to the victim's card, either by stealing it, by obtaining it if it is lost, or by holding the POS emulator near it if it is still in the victim's possession.
The attacks work by modifying the terminal's commands and the card's responses before relaying them to the respective recipient.
According to the experts, the attack on Visa consists of modifying the Card Transaction Qualifiers before delivering them to the terminal. The modification instructs the terminal that:
The security researchers claim that they have already tested this attack successfully with:
The attack on Mastercard primarily consists of replacing the card's valid Application Identifiers (AIDs) with the Visa AID A0000000031010 to trick the terminal into activating the Visa kernel.
However, the terminal's authorization request must reach the card-issuing bank, and for this several conditions must be met:
Moreover, the security experts have confirmed that they have already performed this attack successfully with four different cards:
ETH Zurich researchers announced that they were able to bypass PIN verification for all kinds of transactions with Mastercard credit and debit cards, including two Maestro debit and two Mastercard credit cards, all issued by different banks, with one of the transactions exceeding $400.
Mastercard has added a number of countermeasures, including mandating that financial institutions include the AID in the authorization data. This also allows card issuers to check the AID against the PAN.
Moreover, the payment network has now rolled out checks for other data points present in the authorization request that could be used to identify an attack of this kind and reduce fraudulent transactions.
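The AID-against-PAN check mentioned above can be sketched as follows. This is an added example, not code from the researchers or Mastercard: it assumes the authorization data carries flat EMV BER-TLV with the AID in tag 84, 4F or 9F06, uses simplified PAN prefix ranges that leave out Maestro, and runs on a constructed sample PAN and TLV string.

```python
# Added example: issuer-side consistency check between the AID and the PAN.
# Assumptions: flat BER-TLV input; simplified PAN ranges (Maestro left out).
RID_TO_SCHEME = {"A000000003": "visa", "A000000004": "mastercard"}
AID_TAGS = ("84", "4F", "9F06")

def parse_tlv(data: bytes) -> dict:
    """Parse flat BER-TLV bytes into {tag_hex: value_bytes}."""
    out, i = {}, 0
    while i < len(data):
        start = i
        if data[i] & 0x1F == 0x1F:       # multi-byte tag follows
            i += 1
            while data[i] & 0x80:        # continuation bit set
                i += 1
        i += 1
        tag = data[start:i].hex().upper()
        length, i = data[i], i + 1
        if length & 0x80:                # long-form length
            n = length & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated TLV")
        out[tag] = data[i:i + length]
        i += length
    return out

def scheme_from_pan(pan: str) -> str:
    """Map a PAN to its payment scheme from its leading digits."""
    if not pan.isdigit() or len(pan) < 4:
        return "unknown"
    if pan[0] == "4":
        return "visa"
    if 51 <= int(pan[:2]) <= 55 or 2221 <= int(pan[:4]) <= 2720:
        return "mastercard"
    return "unknown"

def aid_matches_pan(pan: str, emv_data: bytes) -> bool:
    """True only if the AID's RID (first 5 bytes) matches the PAN's scheme."""
    try:
        tlv = parse_tlv(emv_data)
    except (IndexError, ValueError):
        return False                     # malformed data: fail closed
    aid = next((tlv[t] for t in AID_TAGS if t in tlv), None)
    scheme = RID_TO_SCHEME.get(aid[:5].hex().upper()) if aid else None
    return scheme is not None and scheme == scheme_from_pan(pan)

# Constructed sample: Mastercard-range PAN presented with the Visa AID.
MIXED = bytes.fromhex("8407A00000000310109F0206000000040000")
print(aid_matches_pan("5500000000000004", MIXED))
```

A production issuer would key this check on its own BIN table rather than on generic prefix ranges.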