Apple’s new mobile payment service has suffered another hit with the uncovering of a possible security threat that could open users up to having their payment details stolen.
Researchers from mobile threat prevention firm Wandera have found that kits costing less than $100 could allow criminals to steal card details by luring users onto malicious Wi-Fi networks.
Upon joining the Wi-Fi network, users are confronted by a fake portal page, set up by the hackers, that mimics the Apple Pay enrolment screen and is then used to harvest card details for nefarious purposes.
“Hackers can take advantage of users’ trust in their phones – making this a social engineering threat rather than an information security one. In this type of attack, only users’ ability to spot tiny differences can protect them.”
The company, which has reported its findings to Apple, is recommending that apps that accept credit card details, such as popular taxi services or digital wallets, should now investigate methods to positively identify themselves to users when requesting sensitive information, much as some online credit card services already do in the form of personalised security phrases or images.
Wandera is also advising users looking to add credit card details to an app to always go via the app from scratch and to use the camera to capture card details where that capability is available.
“The payments industry needs to look very closely at these social engineering threats and wherever possible, provide consumers with simple guidance to enable them to distinguish between fake and genuine requests for their sensitive information,” Tuvey added.
The news is another blow for Apple Pay following a survey released today showing that only a small proportion of leading retailers are planning to support the system.
A Reuters survey of a hundred top merchants in the US, the only market where Apple Pay is currently available, found that around two-thirds would not be providing the system any time in 2015.
Of the companies that responded, fewer than a quarter said they currently accepted Apple Pay, and only four more said they planned to offer it in 2016.
View Comments
This is not an iOS vulnerability, it is a phishing campaign.