Researchers find ApplePay Visa contactless hack
bbc.co.uk> The researchers say the Android phone and payment terminal used don't need to be near the victim's iPhone.
> "It can be on another continent from the iPhone as long as there's an internet connection" said Dr Ioana Boureanu of the University of Surrey.
While I don't doubt the vulnerability is serious in close proximity, saying it can work from another continent sounds like total nonsense. That would have to be one hell of a powerful radio signal.
Surely this researcher was quoted out of context in that it's the Android phone that can be on any continent?
> Surely this researcher was quoted out of context in that it's the Android phone that can be on any continent?
That’s what the article says, as far as I can tell. They still need a radio receiver near the iPhone. The android phone can be anywhere.
I’m not sure how this threat differs from a payment card that doesn’t require a PIN for purchases under $x. Presumably you could use the same attack.
I assume it's just that the AP limit of £1000 is an order of magnitude higher than the limit for a physical card. (Maybe the Transit limit should be lower?)
I would also assume that this is why the article references Samsung Pay but not Google Wallet - the former seems to have a Transit-like option but not the latter?
Both the android phone and the payment terminal can be on another continent. The only thing that needs to be in close proximity is some commercially available electronics.
Why? Relay it via Wireguard tunnel.