Yup, however Samsung Pay/LoopPay keep the chip bit, meaning you need to bring your cards with you when they require Chip, where MagSpoof can disable the bit, allowing you to leave your cards at home.
Hi windexh8er, I chose this hardware because it's portable and convenient. It would technically be much easier to carry out this attack with something like rfcat via yardstick one, hackrf, etc., but I didn't want a USB-based device and no need to build my own device when something existed with everything I needed! And did I mention it's pink?
Oh, don't get me wrong - I think it's awesome you're recycling and embrace pink. Thanks for the insight though and, well, I partially answered my question because in the 8th video Ossmann actually walks through all of this on HackRF...
Hi totony, unfortunately with the way our systems are designed today, it's typically trivial to usurp admin later on when the user escalates privileges, even after the USB device has been removed. Examples such as injected LD_PRELOAD, adjusting PATH to MITM sudo, etc.
In my example, we interestingly see how by default, OS X does not require additional permissions in this unique scenario. Crazy!
That's true, but this hack is a (clever) way to shortcut doing user commands (if you have access to the USB port and the logged user's unlocked screen, then it is conceivable that you should be able to do such a thing without such a tool).
The exploits that could lead to privilege escalation are a different matter (imo they should be fixed).
This hack is very relevant for personal computers, where the user account (in Windows i.e.) is an admin and plugging in a USB device does not seem as dangerous as you demonstrated it is.
Is the screen resolution independent of the mouse x,y coordinates for the OK click? Looks like in the code you know how far from the top left corner the OK button is for that computer only.
Hi lukeholder, the screen resolution is "tied" to how quickly the mouse moves, so no matter which screen resolution you choose, the mouse will always move to the right location.