20$ is 999999 Euro, (Tue, Nov 4th)

Newcastle (UK) University researchers claim to have found an exploit for the contactless payment feature of Visa cards. One of the fraud prevention features of these cards is that only small amounts can be charged in touch mode, without requiring a PIN. But the researchers say that simply changing the currency seems to evade these precautions completely, and they built a fake POS terminal into a smart phone that apparently can swipe money from unsuspecting victims just by getting close enough to their wallet.

According to the press release, VISAs response was that they believe that the results of this research could not be replicated outside a lab environment. Unfortunately, there aint too many cases in security engineering history where such a claim held for more than a day or three. If this attack turns out to be true and usable in real life, Visas design will go down into the annals of engineering screwups on par with NASAs Mars Climate Orbiter, where the trajectory was computed in inches and feet, while the thruster logic expected metric information.

Needless to say that the latter episode didnt end all that well.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.