A recurrent discussion at security conferences over the last year was that mobile threats will become more and more significant as mobile devices are increasingly used for financial activities.
I absolutely agree with that. In fact it is money, or better said, revenue opportunities, that drive "investments" inside the malware producer community, which is becoming very similar to a real industry. In this regard, there are a couple of articles I suggest you read if you're interested in the evolution of malware merchants.
For 'Malware as a Service' merchants, business is booming bit.ly/xShjXm
— Marco Bavazzano (@MarcoBavazzano) February 1, 2012
Crime As A Self Service | via paulsparrows @scoopit bit.ly/Adx1k6
— Marco Bavazzano (@MarcoBavazzano) February 4, 2012
Security researchers are also going to focus much more on this area in their search for vulnerabilities.
Google Wallet is a mobile payment system (developed by Google, of course) that allows its users to store credit cards, gift cards, etc., and to redeem sales promotions on their mobile phone. Google Wallet uses NFC (Near Field Communication) to allow payments by tapping the phone on any enabled terminal.
The vulnerability described in this video is impressive because it is very easy to exploit: it doesn't require any extra software or tools. The vulnerability makes it easy to steal prepaid funds from devices that are lost or stolen (in Google Wallet the funds are tied to the device itself and not to the Google account).
Google was very responsive and decided to temporarily stop provisioning prepaid credit cards to prevent any exploitation of this vulnerability.
To complete the picture of Google Wallet vulnerabilities, I should mention that a few days ago another vulnerability was identified in Google Wallet that could reveal a user's Google Wallet PIN. In that case an exploit is not so easy, since it requires the attacker to first obtain the root credentials of the mobile phone. Of course, if the phone was already jailbroken, that step is already done.
It is not difficult to predict that mobile phone-based credit card payments will become a burgeoning industry... for many industry players including malware merchants.
