“Loophole” huh? Sounds like a security issue.
this post was submitted on 14 Sep 2023
1 points (100.0% liked)
Android
34181 readers
193 users here now
DROID DOES
Welcome to the Android community on Lemmy. Here you can participate in amazing discussions and events relating to all things Android.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules
1. All posts must be relevant to Android devices/operating system.
2. Posts cannot be illegal or NSFW material.
3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.
4. Non-whitelisted bots will be banned.
5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.
6. Memes are not allowed to be posts, but are allowed in the comments.
7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.
8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.
Community Resources:
founded 3 years ago
MODERATORS
detailed on GitHub, a security issue that’s been given the marker CVE-2023-35671 affects Android devices and allows access to full credit card details through NFC devices like the popular Flipper Zero tool.
Gotta worry about card skimmers for nfc
Daily reminder to leave NFC off and only turn it on when needed since Google Pay and other apps seem to have no concept of only being used when the app is explicitly open.
I've had it twice now where I was standing a little too close to the tap-to-pay terminal on the bus since it was nearly full, and it counted that I "tapped" in again. This is while I was still a full nearly 5 inches away, browsing a completely different app.
Not to mention, how is this not a setting in google pay or the quick menu??? Google removed NFC toggle from the quick menu so you need to turn it off, otherwise it feels like someone could just "tap" to steal money from your unlocked phone from 6+ inches away. Baffling to me.
This fucking pisses me off. No wonder my credit card details were stolen last month. I only ever use NFC.
That's their one shot. No more mobile payments for me. Deactivated now.
Did you read the article? Unless someone had physical access to your (unlocked) phone and was able to pin an app, then tap it against specialized hardware (unlikely you could get a normal card terminal to run this exploit), it's extremely unlikely that this is how your details got stolen.