Vulnerability Found in Google Wallet, Alipay Payment SDKs

  • 22 August 2014
  • 0 replies
  • 193 views

Userlevel 7
By Eduard Kovacs on August 22, 2014
 
Researchers at Trend Micro have uncovered a security hole that can be exploited to launch phishing attacks against users who make payments from their Android mobile devices.
According to the security firm, the vulnerability affects the in-app payment (IAP) SDKs for Google Wallet and Alibaba's Alipay, China's leading third-party online payment solution.
The flaw identified by researchers is related to what's known as an "intent," the software mechanism in Android that allows users to coordinate the functions of different apps to achieve a certain task.
"Explicit intents are used if the developer wants an action to be performed by a specific component in a specific app. Implicit intents are used when a developer allows the process to be performed by components of other apps," Trend Micro Mobile Threats Analyst Weichao Sun explained in a blog post. "The Android platform uses intent-filters of apps to determine which app can perform the implicit intent. If an app contains the matching intent-filter, it can perform the task requested by the intent."
 
SecurityWeek/ full article here/ http://www.securityweek.com/vulnerability-found-google-wallet-alipay-payment-sdks

0 replies

Be the first to reply!

Reply