Should the payment information be stored in your SIM card (where carriers have access to it) or in an NFC (Near Field Communications)? This is scary, once your credit card is stored in your phone, mobile attacks will EXPLODE. This will be the new way for attackers to get CC info. Gone will be the days of planting devices in the store. Attackers will now either attack your phone, or attack the carrier or mobile provider to get credit cards. This is bad given that some stats I read say that one in every two Americans will have smartphones, which may even be more than people with computers!
We talked about this a few weeks ago. At the last RSA there was one reporter who sat in on a Mobile Security talk and came away with the feeling that security for mobile devices was not as bad as some people say it is. Shortly after there was a slew of malware available for download on the Android marketplace. There is just not much financial incentive for attackers to go after these devices yet. If we create a virtual wallet on them it is going to end poorly. Further, we cannot lose sight of the fact that many applications are running as root and there is little to no built-in security for these devices.
Sure, it may not be that bad now. But any student of information security history can see where this is going.
PaulDotCom and John Strand
Originally discussed during episode 242
John Strand will be teaching Offensive Countermeasures at Black Hat July 30-31
This blog post is brought to you by SecureIdeas... Because Kevin Johnson paid me $1.