I’m new here but I’m thinking ahead to what I think everyone is thinking about, payment via implant. I’m excited for the possibility of a future secure element implant but I also know US bank support is still lagging for things like Apple Pay. Some banks still won’t support it and I expect that we will get the same pushback for introducing implants into the system. I was watching a 2018 Defcon video about payment attacks and I was wondering if that could be our temporary solution. Let’s say an upcoming implant supports enough memory, processing, secure element, etc for payment but my bank says no. Could say a Java applet be made to allow me to capture 100 transaction attempts via a Proxmark3 and save them to the implant for replay later? That would effectively get the bank out of the picture. Maybe I couldn’t use the physical card in the meantime to stop a transaction counter but oh well. I’d accept that. It seems that many of these attacks rely on falling back to magstripe or other older protocols for simplicity of replay. Perhaps the data could be edited between the Proxmark3 and write to the implant to demand the fallback.
Anyways, I’m just thinking and I don’t know if anyone has already attempted a replay attack via implant. FYI, the video was Here. There is a demo at the 10:39 mark.