Mobile WalletsWith the aid of near field communications, the time is coming soon when you will be able to simply wave your smartphone at a register to pay for goods and services. Mobile wallets, in which your credit cards, bank information, coupons, loyalty cards and even boarding passes are held digitally, may very soon become standard in many places. While it may seem futuristic, it is already becoming common. Identity theft protection company Lifelock points out that services like Google Wallet and Apple Passbook already allow users to tap their phone against a near field communicator terminal to pay for something, and mobile commerce seems sure to follow. The risk for users currently lies within the security of NFC technology, but there are steps you can take to prevent your information being compromised. Creating a password for your phone, closing open apps rather than letting them run in the background, choosing to download apps from trusted sources and never posting your phone number online are all steps that you can take to insure that your data isn't being put at unnecessary risk.
Certifi-GatePerhaps one of the biggest smartphone vulnerabilities right now is the Certifi-gate vulnerability. This vulnerability is widespread – according to CSO Online, more than 70 percent of LG Android phones have a plugin installed that creates this vulnerability, as well as 18 percent of Samsung devices and nine percent of HTC devices. Many phones come installed with pre-loaded technical support apps that allow a support technician to take control of the phone remotely, and this is where Certifi-gate creates risk. While running the software remotely takes very high privileges, the app features an authentication problem that allows unauthorized access. Once a hacker has that unauthorized access to your phone, they can perform a frightening number of malicious acts – screen scraping, key logging, and extracting your personal information are just a few.
Currently, the only solution is for manufacturers to push updates out to their users that fix this authentication issue, but manufacturers have been slow to do so. Mobile carriers are equally guilty of not pushing for a solution to be distributed, and there is little users can do other than only choose apps from trusted companies and reach out to their phone manufacturer and carrier and demand the vulnerability be addressed.