The future of ApplePwn. How to save your money. presented at rootcon 2017

by Timur Yunusov

Summary: It was obvious that this attack was possible by default: if the phone is jailbroken, then it is possible to steal the money, but for some reason everyone claimed the opposite, considering "Apple Pay is the Most Secure Form of Payment". This is exactly what I would like to refute, examining in detail the flaws of Apple Pay on the phone (payment in applications and on the web). The Apple Pay API allows a lot to be done on the client side (the phone), which widens the attack surface: requesting additional fields, not signing the current fields, etc., which makes it possible to turn Apple Pay into truly "the most popular system for fraudsters".

When people ask about wireless payments (PayPass, Apple Pay, Samsung Pay, etc.), everyone certainly claims that Apple Pay is one of the most secure systems. The separate microprocessor for payments (Secure Enclave) and the absence of any card data stored or transmitted in plaintext during payments make it look like an ideal defense. However, the devil is in the details! We will present specially developed open-source utilities which demonstrate how attackers can reconnect your card to their iPhone or make fraudulent payments directly on the victim's phone, even without a jailbreak.