Crash & Pay: How to Own and Clone Contactless Payment Devices

Black Hat USA 2015

Presented by: Peter Fillmore
Date: Wednesday August 05, 2015
Time: 16:20 - 17:10
Location: South Seas ABE

With all this talk about NFC payments (Apple Pay, Google Wallet, etc.), are there claims on your card that can't be cloned? What security mechanisms can prevent this? How can they be subverted to make fraudulent transactions?

This talk answers these questions by taking you through how NFC payments work and how you can perform fraudulent transactions with just an off-the-shelf phone and a little bit of software. I'll take you through how you can clone common NFC payment cards, show you the attacks, and explain why they are possible. Information will be provided on the inexpensive tools now available for testing NFC devices and how to put together your own testing lab to test for vulnerabilities over these interfaces.

Peter Fillmore

Peter Fillmore is an expert in the security of real-world payment systems. He has worked to design and certify many different systems that we all rely on today. He provides consulting and training services to international clients looking to implement, secure and certify systems to international standards. Outside of these services he enjoys looking for WONTFIX bugs in protocols and trolling listeners of music streaming services with unlistenable junk. He enjoys long midnight strolls on the beach, listening to high-pitched screaming and ripping important PCB traces off expensive equipment.

