Home > All, Security Issues > Smartphones, the Google Wallet, and inconvenient trust

Smartphones, the Google Wallet, and inconvenient trust

February 11, 2012 Leave a comment Go to comments

Josh Ruben has shown a pretty basic security design flaw in Google’s Android Wallet. Google says it’s not really a problem and Ruben says Oh yes it is. I don’t want to go into the details of this vulnerability because I’ve written about it on Infosecurity Mag here: Google Wallet vulnerable to brute forcing the PIN. But what I do want to consider is to what extent we will choose convenience over common sense?

Common sense says we should never trust a mobile phone. We lose them. We leave them in taxis. They’re stolen. And it doesn’t matter what security they have or how secure they are supposed to be, once they are out of our control we have absolutely no way of knowing what is or can be done to them. Common sense should tell us that everything on a mobile phone is vulnerable once it is out of our control.

So how come the mobile phone is increasingly used to store personal data, banking information, and even virtual money? The answer is simple. It’s cool and convenient; especially for the young.

I think we need to accept this. Our virtual identity will increasingly migrate to the smartphone, and we won’t – and perhaps even shouldn’t – be able to stop it. The best we can do is increase and maintain a level of distrust. We may have to use this virtual wallet containing our money, our identity, our life – but we should never, ever trust it.

Categories: All, Security Issues
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s