this post was submitted on 14 Sep 2023
134 points (99.3% liked)

Android

28180 readers
153 users here now

DROID DOES

Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules


1. All posts must be relevant to Android devices/operating system.


2. Posts cannot be illegal or NSFW material.


3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.


4. Non-whitelisted bots will be banned.


5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.


6. Memes are not allowed to be posts, but are allowed in the comments.


7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.


8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.


Community Resources:


We are Android girls*,

In our Lemmy.world.

The back is plastic,

It's fantastic.

*Well, not just girls: people of all gender identities are welcomed here.


Our Partner Communities:

[email protected]


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -4 points 1 year ago* (last edited 1 year ago) (1 children)

This fucking pisses me off. No wonder my credit card details were stolen last month. I only ever use NFC.

That's their one shot. No more mobile payments for me. Deactivated now.

[–] [email protected] 8 points 1 year ago (1 children)

Did you read the article? Unless someone had physical access to your (unlocked) phone and was able to pin an app, then tap it against specialized hardware (unlikely you could get a normal card terminal to run this exploit), it's extremely unlikely that this is how your details got stolen.

[–] [email protected] 0 points 1 year ago (1 children)

Skimmers aren't a thing? Especially with near field? You're wrong. I ONLY use my phone and NFC to pay for things and that's how the data was stolen as verified from my credit card company and Google. But hey you know best right?

It was specifically stolen from Google Pay and contactless payments.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Skimmers are not a thing for Google Wallet / Apple Pay, no. Both these services use tokenization for transactions, meaning that even with your phone unlocked, no-one could grab anything via NFC that would allow triggering a transaction later, let alone clone your card. Even in this specific scenario described in the article (which requires your phone to be in the hands of the exploiter), the CVV of the card wasn't exposed, so no-one can actually trigger a payment with this info except if they also have your physical card to read the CVV.

Google Wallet / Apple Pay are a million times safer than using your physical card, because the most common skimming attacks either just grab the magnet strip info if available or literally just read the info off the card optically including CVV, which allows for online transactions. None of these things are a concern with Google Wallet / Apple Pay.

But hey you know best right?

I worked as a TPM in financial services for almost 5 years, so yeah I think I'd know.

It was specifically stolen from Google Pay and contactless payments.

It wasn't.