English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1
Latest posting
By rating
By popularity

Join our blog

You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.

Incidents|Will the PIN hacks be the end of Google Wallet?

Tim
Kaspersky Lab Expert
Posted February 14, 17:03  GMT
Tags: Google, VISA, Mastercard, Paypal, AT&T, Verizon, HTC, Motorola
0.2
 

Last week researchers found vulnerabilities in the Google Wallet payment system. The first vulnerability was found by Zvelo, which required root access. Rooting devices has become just short of trivial at this point with the availability of “one-click root” applications for most platforms. The vulnerability was leveraged to display the current PIN number. The very next day a new vulnerability was discovered in how application data is handled in the Wallet app. In this case no root access is needed, as thesmartphonechamp demonstrated , this is simply a flaw in how the application works. Assuming a Google Prepaid card has been set up, a user can navigate to the application management interface, and delete application data for Google Wallet. On return to the app’s interface, the user is then prompted to set up a new PIN. The flaw is that the Google Prepaid card data persists. After establishing a new PIN number, the attacker is free to use the prepaid card as though it was their own.

Opinions|What to Do About Carrier IQ

Tim
Kaspersky Lab Expert
Posted December 07, 16:41  GMT
Tags: Google, Apple, HTC
0.4
 

There’s been a lot of talk about a piece of software installed on many mobile devices called Carrier IQ. The intended purpose of the software according to the manufacturer is to collect metrics to improve many functions of the device on which it’s installed. The uproar has been that this software has access to so much private user data.