So what happens if you?re someone like me? You?ve just gone to dinner, taken a cab back home, paid the cab fare, closed the door, and just as the cab takes off you feel the lonely and empty pocket that?s usually home to your smartphone. You chase after the cab, but as the cab fades further away the impact of what you lost on that mobile device begins to grow and loom over your head. It becomes more than a phone, because now you haven?t just lost a piece of hardware, you?ve lost your photos, videos, and perhaps your wallet. Not to mention control over what emails have been seen, text messages sent, and contacts you recently interacted with.?
So what happens if your phone is your wallet? With Google?s new service/app Google Wallet ? which the app was launched back in September ? anyone with a Nexus S 4G phone on Sprint can do just that. And by utilizing the app with the device?s Near Field Communication (NFC) ability, this can allow supporting vendors to wirelessly access your banking information.
But what happens if your unlocked phone was left with a less-than-angelic cabby? Lucky for me, my phone was locked, but others might not be. Because of this, this cabby could perhaps access your banking information through a new security loophole found in Google Wallet.
According to Joshua Rubin, a senior engineer with Zvelo, a security research firm, Google Wallets PIN authorization can be easily bypassed. The app labeled ?Google Wallet Cracker? can record and access the four-digit PIN required to launch the app, giving anyone with possession of a stranger?s lost/stolen phone ? and modest technological know-how ? the ability to steal vital information from that particular user. Google did acknowledge the issue and is currently working to resolve the reported problem, but the implications are still concerning. So far the reach of Google Wallet begins and ends with one device on one network (Nexus S 4G on Sprint if you forgot), but this will likely change very soon.
Consider the trend. Mobile payments will continue to increase over the next year, with the possibility of this feature integrating across more phones and within business practices. We?ve already seen mobile payment apps like Square, which allows businesses to accept payments on their tablets or phones. But in the future, with corporate credits cards now on company/personal devices, protecting intellectual property, banking information and company payment history could be a big concern with loopholes in popular third-party systems.
In fairness, mobile payments through smart devices do actually provide the ?possibility? for greater security. Traditionally, a stolen credit card offers no security protection and requires the original owner to call and report the incident. The bigger security issue is that most ? if not all ? user data is residing in one spot, with several apps, that hold sensitive data, asking you to authorize the app only once. Whether the solution is additional security at the operating system layer or more responsibility from the app vendors to better secure their PINs, we all need to be cautious about how fast we let our smartphones become ?smart,? at least until we really understand the security implications.
**Joshua Rubin upon discovering the vulnerability did alert Google before publishing the reported issue. Google is currently working on a fix and update.?
Source: http://blog.bit9.com/bid/78027/Hacking-Google-Wallet
julia child clippers katy perry and russell brand katy perry divorce the curious case of benjamin button brock lesnar retires new years
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.