Post #738555 — 电报时报 (@times001)

Type to search

Advanced channel search

English

Site language

Russian English Uzbek
Sign In

Catalog

Channels and groups catalog Search for channels
Add a channel/group
Ratings

Rating of channels Rating of groups Posts rating
Ratings of brands and people
Analytics
Search by posts
Telegram monitoring

电报时报

5 Jan, 18:42

Open in Telegram Share Report

支付宝碰一碰NFC设备存在安全漏洞可被替换收款标签但利用的可能性极低 Telegraph | 原文

支付宝碰一碰NFC设备存在安全漏洞可被替换收款标签但利用的可能性极低 - 蓝点网

据加密货币硬件钱包 OneKey 发布的消息，前段时间 OneKey 安全实验室的研究人员发现支付宝部分 NFC 碰一碰支付存在安全隐患，其风险是碰一碰设备的硬件芯片问题。这段时间支付宝正在全国各大城市密集推广碰一碰支付，碰一碰支付主要通过 NFC 标签生成动态支付链接，使用具有 NFC 功能的智能手机贴靠时可以识别标签并通过支付宝打开。 OneKey 发现的问题是支付宝碰一碰设备使用的恩智浦 NXP NTAG215 芯片未开启 OTP 一次性写入和加密功能，这有可能被恶意利用并对芯片内容进行篡改和伪造。如果成功发起攻击，攻击者可以通过替换芯片内容将标签导向钓鱼地址，用户支付的款项也会被攻...

2.7k 0 4 2

Catalog

Channels and groups catalog Channels compilations Search for channels Add a channel/group

Ratings

Rating of Telegram channels Rating of Telegram groups Posts rating Ratings of brands and people

API

API statistics Search API of posts API Callback

Our channels

@TGStat @TGStat_Chat @telepulse @TGStatAPI

Read

Blog Telegram Research 2019 Telegram Research 2021 Telegram Research 2023

Contacts

Support Email Jobs

Miscellaneous

Terms and conditions Privacy policy Public offer

Our bots

@TGStat_Bot @SearcheeBot @TGAlertsBot @tg_analytics_bot @TGStatChatBot