How secure is your wallet in Google's hands? (FAQ)

reghakr

Google unveiled its mobile payment plans today, with private field trials starting in San Francisco and New York followed by a public launch sometime during the summer on the Nexus S. The system lets smartphones with NFC (near-field communication) chips use wireless technology to transmit transaction data to special NFC readers at retail stores at very close range.

This means people will eventually be able to wave their Android phones (http://reviews.cnet.com/best-android-phones/) in front of a reader instead of swiping a credit or debit card or using cash. These "electronic wallets" will be a boon for consumer convenience, letting people leave their money and credit cards at home. But how secure will this method be?

This FAQ can help you decide if you feel comfortable trusting Google Wallet with your financial data.

How does this work exactly?
Your payment card numbers and transaction information are all encrypted and stored on a tamper-proof chip from NXP Semiconductor on the smartphone, in what Google has dubbed the "Secure Element." Customers are required to type in a PIN to open the Google Wallet app and make a transaction.

"Think of the Secure Element as a separate computer, capable of running programs and storing data. The Secure Element is separate from your Android phone's memory. The chip is designed to only allow trusted programs on the Secure Element itself to access the payment credentials stored therein," Google says on its Google Wallet Web site. "The secure encryption technology of MasterCard PayPass protects your payment card credentials as they are transferred from the phone to the contactless reader."

What if I forget my PIN?

"Today, for security reasons, this requires the user to reset the Wallet and reprovision the credit cards," Osama Bedier, vice president of Payments at Google, said in an e-mail response to questions. "We are actively designing a more user friendly reset mechanism, and we will reveal more about this feature once it is ready."

What if I lose my smartphone?

If you've locked your phone, then someone would need to know your PIN to access the phone, as well as know the PIN for Google Wallet specifically in order to access your financial data.

"The Wallet PIN protects access to the Wallet Application itself," Bedier said. "If a user enters the PIN incorrectly too many times, the Secure Element is disabled and cannot be used for payment until it has been reset by a combination of the issuing bank, the Trusted Service Manager, and the user. Resetting the PIN requires the user to reprovision their credit cards to the Wallet, thereby forcing a would-be thief to provision all the card credentials from scratch. In addition to this, the Secure Element prevents an individual from reading any information directly from it. There are multiple security components to its design that make it difficult for any criminal to extract the data contained within its memory."

Could criminals create fake NFC reader interfaces like they do ATM skimmers?

"There is always the possibility that a criminal might attempt to skim an NFC payment card or mobile device," Bedier said. "However, the Google Wallet has two additional countermeasures against skimming that traditional plastic NFC payment cards do not have. The first is the phone screen needs to be powered on, i.e., illuminated, before the NFC antenna is enabled. The second is the user must enter their Wallet PIN before any credentials are released to a reader. This means the user has to clearly demonstrate the intent that they want to pay, before any payment credentials are released."

"In addition to the security features in Google Wallet, our partners have fraud analytics that help to identify fraudulent transactions and block such transactions as they occur," Bedier added. "Google Wallet and our partner systems combined provide much better protection for the consumer over the standard plastic credit cards broadly available in the market today."

Is there the possibility for sniffing or man-in-the-middle attacks like there is with Wi-Fi networks?

This type of attack would be much harder to do given how quickly the transaction takes place and how small the distance needs to be between the device and the reader (4 centimeters or closer).

"A typical man-in-the-middle attack is difficult because of the limited range of the NFC radio frequency," Bedier said. "We also have the added protection of the Mastercard PayPass protocol while card credentials are being transmitted. This interaction is controlled by the all the time."

What if I accidentally download a Trojan horse or other piece of malware on my smartphone via the Web or a malicious attachment that is written to steal credit card data and hijack transactions?

"If malware compromises the phone's operating system, the Secure Element is designed to protect the credentials," Bedier said. "The Secure Element's OS and the data contained in the Secure Element are completely isolated from the phone's OS. Indeed, the Secure Element hardware is separate from the other storage mechanisms on the phone. Further, the phone's OS does not have the capability to read any data from the Secure Element."

One security expert wasn't convinced that the Secure Element could protect against malware that sneaks onto the device.

"The fact that your credit card information is stored on a secure chip doesn't matter that much because if the bad guys can take over the phone, they can control the Google App," said Chris Palmer, technology director at the Electronic Frontier Foundation who formerly worked on Android security as a senior software engineer at Google. "They can wait for it to be launched and grab your credentials."

An NXP spokeswoman said the Secure Element is impenetrable by malware. "The Secure Element requires authenticated access rights--the architecture is set up such that the Secure Element is firewalled off from the rest of the system," she said in an e-mail statement. "The technology is similar to that used in high-security solutions/applications such as ePassports."

This seems to be the biggest concern, at least for now, particularly given that people can be so easily tricked into clicking on a malicious link or opening a malicious attachment that can unleash malware onto the device and take it over.

The malware problem is compounded by the fact that so many devices are not running the most up-to-date software. For example, researchers discovered a hole in Android related to Google Calendar and Contacts earlier this month that made the data snoopable on Wi-Fi networks. It affected 99.7 percent of the Android devices that were running older versions of the software that had not been fixed. Google quickly pushed out a fix, but the problem highlighted the fact that mobile users (and computer users) are at the mercy of software updates and patch schedules for their security.

"There are tons of phones that don't have the latest security patches," Palmer said. "We're going to have a situation where a lot of people are running Google Wallet on machines we know are blatantly not safe and don't have up-to-date patches."

As people rely on their mobile devices more, criminals will turn their attention to those devices, and already are. Researchers have found a botnet program on an HTC Android from Vodafone and samples of the Zeus banking Trojan that targeted Symbian.

But Google Wallet will still be safer than the wallet in my purse or back pocket, right?

Nimble-fingered pickpockets nab wallets from people all the time, spending the cash and using the credit card at retail shops that don't ask for identification. And unsavory personnel at stores online or off can easily use your credit card number before you even suspect anything is amiss. So, yes, your data locked behind PINs and encrypted on your phone is safer than in your wallet at this point.

"The potential benefits far outweigh the risks," even if you have to pay more attention to securing the data stored on your phone, said John Hering, chief executive of mobile security firm Lookout.

Source: How secure is your wallet in Google's hands? (FAQ) | InSecurity Complex - CNET News
 
Google has taken great pains to secure its Google Wallet mobile payment service, employing a secure NFC chip to store credit card information. Security experts discuss ways malicious apps might attack Wallet.

Google Wallet, the search engine's efforts to enable mobile payments using near-field communication technology from smartphones, has a number of challenges it must overcome to succeed.

One is obviously the general lack of interest in mobile payments via smartphones at a time when the vast majority of people happily use wallets. The second-biggest barrier to wholesale adoption may be consumers' concern about the security Google Wallet provides for their credit card information.

So how does Google promise to protect sensitive user data? Believe it or not, the key is an NXP PN65K chip in the Samsung Nexus S 4G smartphone (the only Google Wallet-enabling phone to date).

This "Secure Element," which stores users' credit card digits, is isolated from the phone's operating system and hardware and uses cryptography (PKI [Public Key Infrastructure] and Triple-DES [Data Encryption Standard]) and memory protection, making it tough to crack.

Only authorized programs like Google Wallet can access the Secure Element to trigger a transaction. Moreover, Google Wallet cannot read data from or write data to the Secure Element's memory.

Google Wallet also requires a 4-digit PIN, which is the only way to transmit payment credentials. That's not something even today's credit cards require to process. This step also prevents bad guys from brushing by you in a crowd to grab your info via NFC, noted McAfee security researcher Jimmy Shah.

As for whether any malicious application could access a user's credit card on the Secure Element, Google assures that Android enforces strict access policies so that malicious applications wouldn't have access to data stored by Google Wallet.

However, Shah thinks Android might be the best entry point for a perpetrator because Android applications are relatively easy to reverse-engineer.

He believes an attacker has a good chance of extracting the authentication key from the Google Wallet application and creating a malicious application that emulates the official Wallet application to fool the Secure Element chip into giving up a user's credentials.

"From here, the attacker can collect account information for sale or for attempts at cloning the data to new NFC cards."

Lookout Mobile Security CTO Kevin Mahaffey agrees with Shah that some sort of malicious application could compromise the Google Wallet application or the provisioning process. Alternatively, an application could exploit the software in the Secure Element, enabling a hacker to grab credit card info.

Mahaffey wonders whether the PIN will be here to stay or will go away if Wallet becomes widely adopted. If the PIN is abandoned, Mahaffey said a user could then be susceptible to a man-in-the-middle attack, or the ghost-and-leech attack Shah referenced.

In this attack, a perpetrator can use an NFC reader to swipe consumers' credentials when they make a purchase via their phone. The defense against this attack, Mahaffey noted, is the PIN.

ThreatMetrix Chief Products Officer Alisdair Faulkner said the fundamental challenge between the security of today's credit cards and Google Wallet is that Wallet is on the same environment in which someone else's malicious application is able to get at that data.

"The analogy I would use is that I can put my credit card in my wallet, but my driver's license isn't going to try and communicate with it in any way," Faulkner told eWEEK. "Anywhere that you have stored value, that is going to be something that criminals are going to attack."

"Never before in history have we had this kind of financial data and credentials stored on a device, which we know fundamentally can never be trusted."

Source: Google Wallet Security Solid Until its Hacked - Security - News & Reviews - eWeek.com
 