Smartphones, the Google Wallet, and inconvenient trust
Josh Ruben has shown a pretty basic security design flaw in Google’s Android Wallet. Google says it’s not really a problem, and Ruben says, “Oh yes it is.” I don’t want to go into the details of this vulnerability because I’ve written about it on Infosecurity Mag here: Google Wallet vulnerable to brute forcing the PIN. But what I do want to consider is the extent to which we will choose convenience over common sense.
Common sense says we should never trust a mobile phone. We lose them. We leave them in taxis. They’re stolen. And it doesn’t matter what security they have or how secure they are supposed to be, once they are out of our control we have absolutely no way of knowing what is or can be done to them. Common sense should tell us that everything on a mobile phone is vulnerable once it is out of our control.
So how come the mobile phone is increasingly used to store personal data, banking information, and even virtual money? The answer is simple. It’s cool and convenient, especially for the young.
I think we need to accept this. Our virtual identity will increasingly migrate to the smartphone, and we won’t – and perhaps even shouldn’t – be able to stop it. The best we can do is increase and maintain a level of distrust. We may have to use this virtual wallet containing our money, our identity, our life – but we should never, ever trust it.