Olympics a potential security headache for mobile payments

July 10, 2012 | by James Wester

The London 2012 Olympic Games begin later this month, providing a showcase for 10,500 of the world's greatest athletes. The U.K. is expecting an influx of 11 million visitors for the games in addition to the billions watching around the world. From petty crime to something bigger, the Olympics have all the makings for a potential security nightmare.

To handle the the threat, the U.K. is deploying 10,000 police officers supplemented by 13,500 military personnel. (The deployment of troops at the Olympic Games is actually larger than the number of British troops currently serving in Afghanistan.)

For the payment industry, the London Olympics will also be a showcase of sorts. Companies pushing mobile payments are using the event, with all its visitors and viewers, to show off their technology. Samsung and Visa, for instance, are partnering on a program to give each Olympic athlete a new Samsung Galaxy SIII smartphone with embedded NFC technology and an Olympic mobile wallet app. The athletes can use the phones to access events and make purchases at contactless terminals.

Unfortunately, the Olympics could be a security nightmare for mobile payments as well. According to Jim Shah, a mobile security specialist with McAfee, hackers could use the event to find vulnerabilities in NFC technologies and mobile payments. In a post on the McAfee company blog, Shah said that the mobile phones being distributed to athletes, along with those being used by visitors, will give hackers a perfect opportunity to steal data.

Shah said researchers have already demonstrated that one particular method of hacking mobile devices, called "fuzzing the hardware," can be used to exploit security holes in smartphones like those being distributed to Olympic athletes. Fuzzing the hardware uses corrupted data on NFC tags to look for vulnerabilities on devices. Shah said one researcher has actually gone as far as to develop a software library that injects "crafted" NFC tags into a phone and then monitors the results of crashes. A hacker could use that same library to discover ways to access the phone and the data contained on it, Shah said.

While Shah did not identify any known threats, the possibility that hackers are working on exploiting potential security holes in moble wallets is all too real. Just last year, two security issues were discovered with Google's NFC wallet. One of the security issues — which allowed hackers access to the prepaid account on the Google Wallet — was serious enough that Google temporarily shut down some functionality while it issued a fix.

It's not just Google struggling with the security of NFC, though. In a recent article about Apple's deliberations on including the technology in its most recent iPhone, the Wall Street Journal reported that one reason Apple nixed NFC was the company's concern over whether it is secure enough.

And if hackers are able to use the Olympics as a testing ground for hacking mobile paymetns, according to Shah, the event will also provide the perfect venue to use any stolen data.

"The large number of readers at the Olympics will provide places where a successful attacker can use stolen credentials to make purchases," Shah said in his post. "The Olympics will also provide a concentrated pool of targets (people and phones) to pilfer from — especially if everyone is busy watching who wins the medals and not worrying about where his or her phone is."

For more stories like this, visit the Security research center.

Topics: Security

James Wester / James Wester is a technology writer and blogger with over 15 years of experience in marketing and communications in the technology and payments sectors. Prior to joining MobilePaymentsToday.com as editor he worked as Director of Corporate Communications for Chase Paymentech and ran payment operations for AOL. James has a BA in English from Drury University in Springfield, MO and an MS in IT Management from the University of Virginia.
View James Wester's profile on LinkedIn

Sponsored Links:

Related Content

Latest Content

comments powered by Disqus