A security problem has been discovered that could potentially allow an attacker to steal the data of our credit card saved on Google Wallet through an NFC device (eg: Flipper Zero).
Identified as CVE-2023-35671, the flaw affects smartphones with Android 5 and later installed and is related to On-Screen App Lock, a function that allows you to keep an app visible until it is unlocked. If they are enabled:
Use Onscreen App Lock
Require PIN for unlocking
Request device unlock for NFC,
the flaw is potentially able to expose the credit card information on Wallet (which in turn must have been activated for NFC payments).
In the realm of smartphones, Android stands as a true titan. This open-source operating system has evolved since its inception, revolutionizing the way we interact with our mobile devices. From humble beginnings to becoming a global phenomenon, Android has shaped the smartphone landscape and is now a fundamental part of our daily lives.
The Android Journey: A Historical Perspective
Android was founded in 2003 by Andy Rubin, Rich Miner, Nick Sears, and Chris White. The initial vision was to create an advanced operating system for digital cameras. However, realizing the potential in the emerging smartphone market, the focus shifted towards a versatile and open-source mobile platform.
In 2005, Google acquired Android Inc., setting the stage for the rapid growth and development of the Android operating system. The first Android-powered phone, the HTC Dream (also known as the T-Mobile G1), was released in 2008, marking the beginning of Android’s journey in the smartphone industry.
Android’s Key Features and Advantages
1. Open Source Nature
One of Android’s defining features is its open-source nature. The source code is freely available to developers, allowing them to modify, enhance, and contribute to the development of the platform. This openness has fostered a vibrant community and led to a wide array of customizations, innovations, and applications.
2. Diverse Device Ecosystem
Android boasts a vast ecosystem of devices, catering to a wide range of users with varying preferences and requirements. From budget-friendly smartphones to high-end flagship devices, Android offers a plethora of options, ensuring there’s something for everyone.
3. Customization and Flexibility
Android provides a high degree of customization, allowing users to personalize their devices to suit their tastes and needs. Users can change themes, customize widgets, choose launchers, and even install custom ROMs, granting them a level of control that is unparalleled in the mobile industry.
4. Extensive App Selection
The Google Play Store, Android’s app marketplace, is home to millions of applications, covering a diverse range of categories. Whether you need productivity tools, games, educational apps, or entertainment, you’ll find a plethora of options on Android, contributing to its popularity.
5. Seamless Integration with Google Services
Android seamlessly integrates with various Google services, including Gmail, Google Drive, Google Photos, Google Maps, and Google Assistant. This integration enhances productivity, communication, and overall user experience, making Android a preferred choice for those heavily invested in the Google ecosystem.
Challenges and Concerns
While Android has garnered immense success and a massive user base, it’s not without its challenges and concerns.
The open nature of Android, while fostering innovation, has led to fragmentation. The platform is available on a multitude of devices from different manufacturers, resulting in variations in hardware, software versions, and user interfaces. This fragmentation can pose challenges for developers in creating consistent user experiences across all devices.
2. Security Vulnerabilities
The open nature of Android also makes it susceptible to security threats. Malware, phishing attacks, and data breaches are persistent concerns. Google, along with device manufacturers, continuously works to enhance security measures and provide regular updates to mitigate these risks.
At this point, an attacker in possession of an NFC reader may be able to steal credit card information even if the smartphone is locked. Apparently the risk is only the theft of data, the use of the card to make payments seems to be averted.
Google is aware of the flaw and has provided a fix described in the September 2023 Android security bulletin. Some smartphones have already been updated (see Samsung), others not (see Pixel).