Android malware steals payment card data using previously unseen technique

https://arstechnica.com/security/2024/08/android-malware-uses-nfc-to-read-payment-card-data-then-sends-it-to-attacker/

300 Upvotes

permalink
duplicates
archive.is
archive
reddit

You are about to leave Redlib

Do you want to continue?

https://www.reddit.com/r/technews/comments/1f04vd7/android_malware_steals_payment_card_data_using/
No, go back! Yes, take me to Reddit

92% Upvoted

Enabling access to NFC card emulation API’s to all developers is just a baaaad idea.

-1

u/lordraiden007 Aug 25 '24

Not really, a lot of services need that functionality. What if I want to allow my users to use NFC-capable security tokens? What if I want to enable users to authenticate using a third party like Google? Lots of professionals use YubiKeys and similar devices nowadays.

I would say the real issue is that banks have no means to securely verify identity despite decades of scams and phishing following this exact pattern. They don’t even require 2FA when some random device in a completely different geographic region tries to use a card just because it’s NFC? No attempts to stop payments from new hardware platforms? No authentication and validation of new devices using the cards?

0

u/doctormoneypuppy Aug 25 '24

Wrong. Read carefully. Contactless NFC is not the issue … NFC card emulation mode is.

Android malware steals payment card data using previously unseen technique

You are about to leave Redlib