Update: The MTA flaw has been eliminated, but the Apple Pay question remains. See the end of the piece.
An inexcusable NYC subway security flaw has been revealed, allowing anyone with knowledge of a user’s credit card number and expiry date to track all journeys made within the past seven days.
But what’s far more concerning is that the vulnerability applies to journeys where Apple Pay was used to tap into stations, despite the fact that this should be completely impossible …
more…