McAfee security researcher Jimmy Shah believes:
"An attacker has a good chance of extracting the authentication key from the Google Wallet application and creating a malicious application that emulates the official Wallet application to fool the Secure Element chip into giving up a user's credentials. "From here, the attacker can collect account information for sale or for attempts at cloning the data to new NFC cards," Shah wrote in a blog post. Lookout Mobile Security CTO Kevin Mahaffey agrees with Shah that some sort of malicious application that can compromise the Google Wallet application or the provisioning process. Alternatively, an application could exploit the software in the Secure Element, enabling a hacker to grab credit card info. read more
Related:
|