Attacker then emulates the card and makes withdrawals or payments from victim’s account.

  • Lojcs@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    3 months ago

    What scenario are you talking about?? From the article:

    NGate malware can relay NFC data from a victim’s card through a compromised device to an attacker’s smartphone, which is then able to emulate the card and withdraw money from an ATM.

    Masquerading as a legitimate app for a target’s bank, NGate prompts the user to enter the banking client ID, date of birth, and the PIN code corresponding to the card. The app goes on to ask the user to turn on NFC and to scan the card.

    Physical card is involved, mobile payments isn’t.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      In that case I call bullshit. What I described can work (relaying banking apps on the victim’s phone to authenticate to ATM), with cards it should not. If you read the comments on the site you’ll see people are just as confused as to how this can work.