A security researcher attacks Google's Wallet and Near Field Communications tech

NFC is similar to the payment fobs tied to your credit cards that you can wave at some gas pumps to pay for purchases. It is a more sophisticated in that it's built-in to some cell phones and requires that you enter a PIN into your phone to complete the transaction, so it has a slightly higher level of security: you must have possession of the phone, know how to start the NFC payment program, and know the PIN.

The researchers attempted man-in-the-middle attacks when transacting and when registering new credit cards through the phone, and also analyzed the memory content of the phone. They discovered no blatant security issues and were unsuccessful with their MITM attacks, but they did find some unencrypted data cached in memory that did not contain sensitive information such as complete credit card numbers.

So overall, it looks like Google did a good job with their NFC implementation, though the researchers stressed that something as important and ubiquitous as this needs a lot more study. The iPhone does not yet have NFC tech built-in, it is more likely for the iPhone 5 than it was for the 4/4S. iPhones can accept credit card payments through Intuit or the Square dongle, I have a Square and it works pretty nice. But that's receiving payments, not making them.

http://www.h-online.com/security/news/item/Forensic-specialists-analyse-Google-Wallet-1396363.html

Sprint orders its handset makers to strip Carrier IQ from their phones!

"...a report that Sprint, in an attempt to extricate itself from the Carrier IQ drama, has "ordered that all of their hardware partners remove the Carrier IQ software from Sprint devices as soon as possible." Sprint confirmed that they've disabled the use of Carrier IQ on their end, saying, "diagnostic information and data is no longer being collected." The software is currently installed on roughly 26 million Sprint phones, though the company has only been collecting data from 1.3 million of them."

Good. I find the numbers in the last sentence to be curious, I'd like to know if the software on the other 24.7 million phones had not been activated, or had it been turned on in the 1.3 for tech monitoring and never turned off? Could 1.3 million phones being actively monitored be normal for a cell carrier? That's what, half a million phones per state having active technical problems?

http://yro.slashdot.org/story/11/12/16/2039237/sprint-orders-all-oems-to-strip-carrier-iq-from-their-phones


In other Carrier IQ news, some carriers claim that "we" consent to Carrier IQ-like monitoring with the impenetrably-dense EULA that we have to agree to or the contracts that we sign. Verizon did not deploy Carrier IQ, and though it was installed in iPhones it apparently was never activated.

http://www.wired.com/threatlevel/2011/12/telcos-say-you-consented/