Virtual wallets have gained a lot of popularity in recent years. The convenience of not carrying cash, along with the speed of transactions and the ease of downloading the apps, has led millions of users to adopt them. However, like everything digital, they are always exposed to breaches.
Two cybersecurity researchers exposed a number of vulnerabilities in electronic payment methods during the second day of Ekoparty, one of the hacker and information security conventions in Latin America.
According to Dan Borgogno and Ileana Barrionuevo, Mercado Pago, Getnet, Ualá Bis and Naranja X, among others, can be abused by computer-savvy scammers.
“The goal of the talk was to show how some things that are poorly implemented allow criminals to abuse them and, for example, make purchases that the user has not made,” Borgogno told Clarín.
While there is a lot of social engineering behind the attacks, i.e. deceiving users, or the digital version of the famous “uncle story” con, platforms can be hacked in a variety of ways. In their presentation they recounted specific cases with technical details for the attendees, including information security experts and hackers from across the region.
The attacks
“In one of the attacks we showed how, with a rooted [modified] phone, it is possible to intervene in a Mercado Pago transaction: by doing what is called ‘tampering’, the attacker can keep all the user’s information and replicate it in another purchase to their advantage,” Borgogno explained.
“In fact, you can manipulate the amount, the data, everything. In more or less 33 hours you can guess the card code with brute force,” adds Barrionuevo, referring to a form of attack that repeatedly tries a key until it finds the right one.
“In another one we covered, we show how with all payments the use of Bluetooth has been poorly implemented, and we even detected a case of fraud where the device was used to guess the security code, the cards’ CVV, and then make a payment,” the experts explain.
Let’s be clear: it is not easy to do. But Borgogno and Barrionuevo work as “red teamers” (red team), i.e. they are hired to try to exploit platforms and discover problems before criminals do. “We are avid users of these platforms, but we also work to make them more secure,” they explain.
If there is a chance that one of these virtual wallets can be compromised, their job is to detect it.
Tips to avoid scams
In addition to warning about the vulnerabilities, the authors of the talk said that users can take certain precautions to avoid being hacked.
“Never connect to unknown Wi-Fi networks, much less when making a payment. Don’t share passwords, don’t store them in a cloud notes or documents application, and always turn on two-factor authentication,” Barrionuevo advised.
Barrionuevo added a detail that is no less important: ask for the card terminal (posnet) to be brought to the table when paying with a card, since if the card leaves our sight, it could be cloned or its data extracted to make purchases.
However, the main point of their talk was that applications should improve their security measures.
“As for applications, all of them should offer two-factor authentication to users. They should also let the user choose which one to use. And they should also warn the user when there is a transaction or any movement, so that he can notice any anomaly,” Barrionuevo concludes.
In total, Ekoparty brings together more than 40 talks by international and local speakers at the Buenos Aires Congress Center (Figueroa Alcorta 2099). Admission is free and the complete program can be consulted here.
Source: Clarin