Google Wallet Security

[Sarad AV]

Yes, true. Also have to check the scenario as to how the card details are first entered into the phone and a malicious code already running at that time.

Sarad.

--- On Thu, 9/22/11, Bill St. Clair <billstclair at gmail.com> wrote:

> From: Bill St. Clair <billstclair at gmail.com>
> Subject: Re: Google Wallet Security
> To: "Sarad AV" <jtrjtrjtr2001 at yahoo.com>
> Cc: cypherpunks at al-qaeda.net
> Date: Thursday, September 22, 2011, 7:04 PM
> I haven't seen details on how this
> works, but from the short
> description on that Wikipedia page, which matches Google's
> description, the PIN enables the NFC antenna, which allows
> the "Secure
> Element" chip to communicate over the NFC radio link. The
> NFC station
> can then query the Secure Element for the user credentials,
> which I
> assume are sent encrypted with the credit card issuer's
> public key. So
> you'd have to send transmission over the NFC radio link's
> limited
> range that looks to the Secure Element to be coming from a
> credit card
> issuer. Hopefully, the encryption between the credit card
> issuer and
> the Secure Element is end-to-end, so there's no way for
> anybody else
> to snoop on it. So if you can steal the PIN, hack the OS to
> simulate
> that PIN being typed, while the user is close to an NFC
> station that
> can impersonate a valid credit card issuer, you're golden.
> Sounds hard
> to me.
> 
> Lots of guesses there, however. I hope Google will publish
> the
> protocols. Maybe they already have. I didn't look.
> 
> -Bill St. Clair
> 
> On Thu, Sep 22, 2011 at 8:52 AM, Sarad AV <jtrjtrjtr2001 at yahoo.com>
> wrote:
> > Hello,
> >
> > Is there anything that stops the card number and PIN
> from being stolen and transmitted to a malicious remote user
> when the a smartphone using google wallet has a virus on it
> and is connected to the internet?
> >
> > http://en.wikipedia.org/wiki/Google_Wallet#Security
> >
> > Thank you,
> > Sarad.