apple-pay-hacking
Today anywhere you go, you will come across Free or Public WiFi hotspots -- it makes our travel easier when we stuck without a data connection.

Isn't it?

But, I think you'll agree with me when I say:


This Free WiFi hotspot service could bring you in trouble, as it could be a bait set up by hackers or cyber criminals to get access to devices that connects to the free network.

This is why mobile device manufacturers provide an option in their phone settings so that the device do not automatically connects to any unknown hotspot and asks the owner for approval every time it comes across a compatible WiFi.

Hackers can grab your Credit Card Data. Here's How?

Cybersecurity

Recently, security researchers from mobile security company 'Wandera' have alerted Apple users about a potential security flaw in iOS mobile operating system that could be exploited by hackers to set up a rogue WiFi spot and then fool users into giving up their personal information, including credit card details.

The loophole leverages the weakness in the default behaviour of iOS devices, including iPhones, iPads and iPods, with WiFi turned on, Ars reported.

This could let attackers create their malicious wireless hotspots and inject a fake "captive portal" page mimicking the genuine Apple Pay interface asking users to enter their credit card details.

A hacker nearby a customer connecting an Apple Pay transaction could launch an attack in an attempt to force the victim's mobile to connect to evil hotspot and then display a popup portal page which is designed in such a way that users could be fooled into believing Apple Pay itself is requesting to re-enter their Credit Card details.

According to the researchers, spoofers can loaf around a point-of-sale (POS) machine with an Apple Pay terminal and could continuously launch the attack in order to victimize more people.

However, the attack may not trick a large number of people because the fake captive portal page imitating Apple Pay interface is displayed under a fairly prominent "Log In" title bar, the report says.
"In high footfall locations, even a very small ratio of success will yield a large number of valuable credit card numbers," CEO of Wandera Eldar Tuvey pointed out. "It's all so easy for them. Using readily available technology, which they may be discretely carrying about their person, hackers can for the first time focus their efforts where their victims are at their most susceptible—at the checkout."
The simple and easiest workaround to prevent such attacks is to turn your device's Wi-Fi simply OFF if you are not intentionally connecting to a known Wireless network.

Security researchers have warned Apple about the loophole and meanwhile recommended that Apple and Google should "consider adopting a secure warning when displaying captive portal pages to users so that users exercise caution."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.