Blog article
See all stories ยป

Object reference not set to an instance of an object.

Comments: (2)

A Finextra member
A Finextra member 27 September, 2012, 22:33Be the first to give this comment the thumbs up 0 likes There is a potential exploit in Passbook for iOS 6. Potentially someone could obtain access to someones (unsecured) cellphone and use the screen capture facility (power button and home button) to clone a token - this can then be emailed or MMS'ed to a secondary device and used without the original cardholders knowledge - I have tested and proved this myself. I have notified Apple and recommended they disable the screen grab service whilst Passbook is active/open.
A Finextra member
A Finextra member 27 September, 2012, 22:38Be the first to give this comment the thumbs up 0 likes

Thank you for sharing that. I guess you are referring to the "remote" capture. That would indeed be a potential security hole - one of the reasons it's safer to close the transaction loop by "pull" from POS (as opposed to "push").

Member since

0

Location

0

More from member

This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.


See all