Security experts at mobile security company Wandera have discovered a major vulnerability within the Apple iOS operating system which can be used to exploit Apple Pay. This security flaw can be exploited by setting up a spoofed wireless access point and tricking users into providing their credit card data. A hacker will set up a web page which will essentially mimic the Apple Pay interface and request payment information from shoppers.
Due to the settings built into the iOS operating system, these mobile devices will try and auto connect to known wireless networks with a saved SSID. A hacker, in theory, can exploit this by using a fake wireless network which the device will automatically join to. The next step would be to display screen identical to any web page we see on the web.
The ways to avoid being affected by this vulnerability are to recognize that Apply Pay will never ask users for credit card data to complete a transaction, and to make sure to turn off Wi-Fi when not intentionally connected to a network.
For more information about this vulnerability in Apple Pay feel free to reach out to:
Nate Gravel – Director of the Information Security Practice ngravel@gravoc.com
-or-
Jackson Schultz – Security Consultant jschultz@gravoc.com
Related articles
Tackle the Cybersecurity Talent Shortage by Hiring a vCISO
In this blog post, we discuss how outsourcing cybersecurity operations to a vCISO can help businesses, including SMBs, tackle the cybersecurity talent shortage.
Need-to-Know Privilege Explained
In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.
Email Security: Solutions to Protect Your Inbox from Cybersecurity Threats
In this blog post, we discuss the importance of email security for businesses and explore the VIPRE and Sendmarc email protection technology solutions.
