Cyber crooks scouting for vulnerabilities in Apple Pay: Experts

PTI New Delhi | Updated on December 29, 2014 Published on December 29, 2014

A customer holds an iPhone 6 (R) and iPhone 6 Plus at the Apple store on Fifth Avenue after the phones went on sale in New York in this file photo taken September 19, 2014. Apple Inc said it sold a record 10 million iPhones in the first weekend after its new, larger phone models went on sale in 10 countries on Friday. REUTERS/Adrees Latif/Files (UNITED STATES - Tags: BUSINESS SCIENCE TECHNOLOGY TELECOMS)

Cyber criminals are looking at ways to exploit tech giant Apple’s recently-launched digital payment solution Apple Pay, according to top cyber security solutions firm Trend Micro.

Even though no actual attacks on Apple Pay have been reported yet, Trend Micro’s ‘Security Prediction for 2015 and Beyond’ warned that cyber criminals will increase attacks on mobile payment systems.

“It’s safe to assume that as early as now, the bad guys are already looking for vulnerabilities to exploit in Apple Pay. They will continue to scrutinise NFC (Near Field Communications) as well,” Trend Micro said.

Apple Pay is a mobile payment and digital wallet service by Apple Inc. It lets certain Apple mobile devices make payments at retail and online checkout.

Trend Micro said though it is yet to see actual attacks and attempts to breach Apple Pay ecosystem comprising of NFC and Passbook (which holds users’ card information), cyber crooks used the latest iPhones as social engineering bait two months before they were even launched.

“We will see new threats specifically target mobile payment platforms in the next few months akin to the Android FakeID vulnerability, which allowed cyber criminals to steal affected users’ Google Wallet credentials,” it said.

According to Apple website, Apple Pay is “more secure” than using a traditional credit or debit card as card number and identity aren’t shared with the merchant, and actual card numbers aren’t stored on Apple device or on Apple servers.

Trend Micro VP (Technology and Solutions) JD Sherry said the payment ecosystem will continue to evolve.

“Massive transformation is upon us and we will continue to see threat actors trying to manipulate NFC as certain platforms gain momentum due to their significant following and user’s penchant for adopting the latest and greatest technology,” Sherry added.

The report also added that targeted attack campaigns will continue to multiply in 2015, after cyber criminals had noteworthy breaches via targeted attacks in the US and China.

“Trend Micro’s threat defence experts predict hackers within countries such as Vietnam, the UK, and India will pursue the use of targeted attacks and we will see attacks against non-traditional countries like we’ve seen recently against Malaysia and Indonesia based organisations,” it added.

Besides, threats around banking will continue to become more severe as more unique cyber crime attacks against financial institutions emerge, the report said.

Published on December 29, 2014
This article is closed for comments.
Please Email the Editor