Can you clone Google Pay/MasterCard and bypass £100 limit?
Timur is back! This time we are discussing mobile payments. Over the years, tapping your phone to pay for something has become ubiquitous, but do you think about the risks?

One of the main differences between Apple/Samsung and Google is that, in the past, Google Pay allowed payments on a locked phone at any merchant using Transport mode. In 2019 Timur showed how vulnerabilities in Visa PayWave could be used to make payments on locked Android phones above Tap & Go limits (£100 now in the UK).

In this video Timur demonstrates how to make a functional clone of the wallet for a limited number of transactions. That means that if a hacker has temporary access to the locked phone, they can collect enough information to pay in a supermarket later on using the saved data. This is a "transactions clone" as opposed to a "card clone": the hacker is limited in the number of possible payments.

So how does the attack work? If the phone is locked, you are limited in the number of transactions that you can make, and each transaction has a limited maximum amount. Let's say we have only 5 tries. Maximum entropy is 1,000. That means the terminal will present one of 1,000 random numbers, and we need to have recorded a card response for that particular random number. Using the Bernoulli trial formula, if a hacker makes just 20 payment attempts in a shop, the probability that the terminal presents one of the five pre-recorded random numbers is 10%. For 50 attempts it is 22%. That is more than enough if the tokenisation service does not check for large ATC (Application Transaction Counter) jumps or if the wallet is not used very often.

Google was informed in January 2021, and shortly after that they implemented a security option to disable payments on the locked phone. At the same time Google reduced the number of transactions allowed on the locked phone.

For more information see https://www.paymentvillage.org/blog/how-to-clone-google-paymastercard-transactions
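The two defensive levers mentioned above, as an added example that is not from the video or the linked blog: the Bernoulli figure as a function of how many locked-phone transactions are allowed, and a per-token ATC check a tokenisation service could run. The threshold `MAX_ATC_JUMP`, the function names and the sample ATC stream are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_ATC_JUMP = 10  # assumed policy threshold, not a value from the page


def match_probability(recorded: int, space: int, attempts: int) -> float:
    """Bernoulli trials: chance that at least one of `attempts` terminal
    random numbers falls among `recorded` pre-recorded ones out of `space`."""
    return 1.0 - (1.0 - recorded / space) ** attempts


@dataclass
class TokenState:
    highest_atc: int = -1                  # highest ATC accepted so far
    seen: set = field(default_factory=set)  # every ATC ever presented


def check_atc(state: TokenState, atc: int, max_jump: int = MAX_ATC_JUMP) -> str:
    """Classify one authorisation's ATC against this token's history."""
    if atc in state.seen:
        verdict = "replayed"   # same counter value presented twice
    elif atc < state.highest_atc:
        verdict = "stale"      # older than a counter already accepted
    elif state.highest_atc >= 0 and atc - state.highest_atc > max_jump:
        verdict = "jump"       # large forward gap in the counter
    else:
        verdict = "ok"
        state.highest_atc = atc  # only accepted values advance the counter
    state.seen.add(atc)
    return verdict


def classify_stream(atcs):
    """Run the check over a sequence of ATCs seen for a single token."""
    state = TokenState()
    return [(atc, check_atc(state, atc)) for atc in atcs]


# Constructed sample: normal use, then out-of-sequence counters.
SAMPLE_ATCS = [41, 42, 43, 42, 40, 300, 44]

if __name__ == "__main__":
    for allowed in (5, 2, 1):  # fewer locked-phone transactions allowed
        print(allowed, [f"{match_probability(allowed, 1000, n):.1%}" for n in (20, 50)])
    for atc, verdict in classify_stream(SAMPLE_ATCS):
        print(atc, verdict)
```

With 5 recorded responses the function reproduces the 10% and 22% figures; lowering the number of transactions allowed on a locked phone lowers both.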