{"id":254,"date":"2008-11-19T22:34:21","date_gmt":"2008-11-20T06:34:21","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=254"},"modified":"2008-11-19T22:34:45","modified_gmt":"2008-11-20T06:34:45","slug":"security-review-charge-it-to-my-cell","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/11\/19\/security-review-charge-it-to-my-cell\/","title":{"rendered":"Security Review – Charge It to My Cell"},"content":{"rendered":"

When in a rush and craving a quick soda or snack, people just don\u2019t want to deal with the hassle of lines and other people. <\/span>That is why the vending machine is such a great invention; it\u2019s a fast, easy way to get something so people can continue on their way. <\/span>But there\u2019s a way to make this process even quicker and simpler. <\/span>Everyone has a cell phone nowadays. <\/span>Why not purchase the items via mobile phone? <\/span>In Japan, they already have such a device; they\u2019re called wallet phones. <\/span>Wallet phones combine an I-mode phone and the FeliCa smart card. <\/span>To use it, one doesn\u2019t even have to press any buttons. <\/span>When the vending machine is ready, the user place their cell phone near it, and the cell phone beeps to let the user know the transaction is complete. <\/span>But this wallet phone doesn\u2019t only work with vending machines, it also can serve as a bus or train pass if the right equipment is set up. <\/span>To counter fraud, the FeliCa smart card dynamically generates an encryption key each time mutual authentication is performed. <\/span>Though not the default, the wallet phone can be configured so that a four digit PIN is required before any transaction. <\/span>The phone operates much like a debit card with a limit of about $500. If the phone gets lost or stolen, the user must call up the company and cancel the service.<\/p>\n

<\/p>\n

One of the first things to consider about any system is who are the potential stakeholders and adversaries. <\/span>The most obvious stakeholders are the wallet phone users who choose to use this feature. <\/span>Other stakeholders are the companies who sell products in the vending machines and the vending machine companies that much change their machines to accommodate for these cell phones. <\/span>The adversaries are basically anyone who wishes to come between a user and their transaction. <\/span>It could be a competitor attempting to get the service to malfunction on the other companies\u2019 products or someone who wants to steal someone else\u2019s money or get a free beverage.<\/p>\n

The first and most important security goal is ensuring the security of the transaction. <\/span>No one but the consumer and machine should be involved in the transaction, and the data should not leak to a third party. <\/span>Another concern is integrity; the consumer should be charged for only the products and services he or she has purchased. <\/span>Cell phones may become our new electronic wallet, so we must ensure that they are properly secured.<\/p>\n

The biggest weakness I see with the wallet phone is the fact that it is a cell phone. <\/span>While it may be very convenient, there is a saying, \u201cDon\u2019t put your eggs all in one basket.\u201d <\/span>I think that the wallet phone does just that. <\/span>In today\u2019s world, more and more people are becoming dependent on their cell phones. Leaving one\u2019s cell phone at home has become almost as awful as forgetting one\u2019s house keys or wallet. <\/span>It has steadily become most people\u2019s prime method of communication. <\/span>In fact, the current trend is for individuals to not have LAN line telephones at all. <\/span>And today\u2019s mobile phones offer more than just telephone service; users can text, send e-mails, take photographs, browse the Internet, listen to music, watch TV, etc. <\/span>Also, lots of important information is stored in phones such as phone numbers, addresses, birthdays, and schedules. <\/span>So, I think that turning a person\u2019s mobile into a debit card is really erring on the side of too much convenience. <\/span>Thieves would start targeting cell phones. <\/span>I don\u2019t know how many thieves today attempt to steal cell phones, but I do know that if cell phones also doubled as wallets, those numbers would increase. <\/span>If consumers really do wish to use their cell phones as debit cards, then the phones need to be handled with a little different mental model they how they are being used now. <\/span>Lock the cell phone with a password when it\u2019s not in use, just as one would do with a computer in a public setting.<\/p>\n

There\u2019s also another weakness I noticed with these cell phones, particularly in Japan. <\/span>Now, while I do think that that PINs are a great way to protect the consumer, there was an inherent problem with how that number was stored. <\/span>When I was setting up my cell phone, it asked me to write my PIN on the application in pen in plain view for anyone in the company to see, and that\u2019s what my PIN was set up to be. <\/span>Also, although the menu of my phone was in English, I never did figure out how to change that number. <\/span>So, one thing that definitely needs to be carefully considered is how these PINs are handled. <\/span>The system used for PIN numbers at banks seems like a good place to start for that. <\/span>The person selects their own 4-digit password on a machine; there is no need for any employee of the company to see it. As stated in many computer security textbooks, security is only as good as the weakest link. <\/span>My PIN may do a wonderful job of protecting my phone, but who is going to protect my pin.<\/p>\n

One other thing that bothers me about this implementation is that the consumer does not have to do anything to complete the vending machine transaction. <\/span>The consumer just must be standing within a certain distance of the machine for the transaction to be completed. <\/span>This creates a different kind of security issue. <\/span>Imagine our good old friends Bob and Eve. <\/span>Let\u2019s say that Eve would like to make a purchase from a vending machine or pay for her daily commute, but she doesn\u2019t have any money on her cell phone. <\/span>And then let\u2019s say that Bob is standing fairly close to Eve, who she knows happens to have a wallet phone in his possession. <\/span>All Eve has to do is go through the motions of making the purchase, and then at payment time, nudge Bob in the right direction to get his cell phone to complete the transaction for her. <\/span>One could compare this action to a temporary purse snatch. <\/span>However, there is a fundamental difference between this and stealing someone\u2019s wallet or purse. <\/span>To get to someone\u2019s money, a thief has to actually open and get inside the purse, bag, wallet, or whatever the victim is using. <\/span>There is that extra step of effort beyond just pushing someone in the direction of the machine. <\/span>And from personal experience, I can safely say that nudging someone in the midst of heavy Japan metropolis traffic would be not such a hard feat at all. <\/span>The other person may not even realize their cell phone was used if the noise and bustle were great enough. <\/span><\/p>\n

Technology was created in order for our lives to be more convenient, but we still have to be careful about how \u2018convenient\u2019 we allow technology to be. <\/span>In the last example, which showed that people could steal another\u2019s money just by nudging them, technology seems to err on the side of too convenient. <\/span>If that extra purchase confirmation screen was added to the transaction, it would make it harder for other people to take the user\u2019s money, whether it is on purpose or on accident. <\/span>While it may be impossible to slow down technology being more heavily incorporated in our lives, it is possible to use that technology in a way that does not cause unexpected problems to arise. <\/span>It just takes some forethought.<\/p>\n

Wallet phones are inevitable. <\/span>With the widespread use of cell phones and the public desire for speed and convenience, it was only a matter of time before someone thought to merge one\u2019s wallet and mobile phone together. <\/span>And this isn\u2019t necessarily a bad thing. <\/span>It is convenient; it is faster, and it might also be something the general populace wants. <\/span>However, several security issues need to be addressed to make sure these wallet phones don\u2019t cause problems for society as a whole. <\/span>The mental model of a cell phone as just a communication device (whether it is actual calling, text, or e-mail) needs to be modified accordingly as more features are added. <\/span>I\u2019m sure the introduction of wallet phones to America is only a matter of time. <\/span>I just hope that they meet the security needs of the people who use them.<\/p>\n","protected":false},"excerpt":{"rendered":"

When in a rush and craving a quick soda or snack, people just don\u2019t want to deal with the hassle of lines and other people. That is why the vending machine is such a great invention; it\u2019s a fast, easy … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":60,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-254","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/60"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=254"}],"version-history":[{"count":3,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/254\/revisions"}],"predecessor-version":[{"id":257,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/254\/revisions\/257"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}