Related
I've started a new thread rather than tacking this on to a software recommendation thread, as I'm just trying to get an idea of peoples view on risk rather than comments on particular software.
Having started to drive myself mad trying to remember logons for online accounts like amazon, ebay etc. I'm now really stuggling with the extra level of security some ecommerce sites like ticketmaster are using like RBS secure pass. I have enough difficulty remembering logons and passwords for the main sites and now have to remember yet another set just to complete the purchase.
So really my question is what level of information would you store on your device? I'm currently looking at ewallet and am happy with the software and purchase price, but they suggest storing everything; bank account details, logons and pins; credit/debit cards numbers and pins; ecommerce site logins etc. Do you trust storing such sensitive details on a portable device? They say they use government-level (FIPS) 256-bit AES encryption, do people feel that's secure enough and uncrackable? At the moment I generally use a variation of the same password with different numbers on the end even for ecommerce sites, so it's got to be better than that! I'm not overly worried about protecting discussion site log on's though. I guess you could setup "wallets", one for ecommerce site, one for bank account details etc, so multiple accounts would have to be hacked, but then you're back to having to remember (and periodically change) multiple passwords. I've also just thought that the phone is pin protected as well and the password data is stored on the phone rather than the memory card, so that's another level of protection.
I guess it's just a case of weighing up the risks, i.e. relying on my ever more flakey memory, but possibly only compromising one site, although that could include bank accounts, or risking the lot, but (hopefully) stored in a much more complete, effecient and secure method and actually doing the recommended changing passwords every month. If I don't trust the software, then it's back to using my failing memory or bits of paper Having just sorted out my late mothers possessions I found a notebook with all her bank account details, pins, passwords etc
i'm using eWallet from Ilium on both my wm phones and pc...it's secure (256-bit FIPS-197 AES) enough for me (u can use long passwords, set lockout times after unsuccesful logins).
to be honest if you are milionare you may need to be careful with using this sort of software but being quite normal, average earning human being i think that no hacker would like to spend weeks or months to try to hack my eWallet. and even if someone would be so patient, as soon as my phone would have been (god forbid) stolen i know that i have good few weeks to change all my sensitive data with banks and other social network websites and eShops...
marasp said:
i'm using eWallet from Ilium on both my wm phones and pc...it's secure (256-bit FIPS-197 AES) enough for me (u can use long passwords, set lockout times after unsuccesful logins).
to be honest if you are milionare you may need to be careful with using this sort of software but being quite normal, average earning human being i think that no hacker would like to spend weeks or months to try to hack my eWallet. and even if someone would be so patient, as soon as my phone would have been (god forbid) stolen i know that i have good few weeks to change all my sensitive data with banks and other social network websites and eShops...
Click to expand...
Click to collapse
Thank you for a down to earth answer. May be I'm being a bit too paranoid. As I said in my first post, anything's got to be better than my current flawed system.
It would not be used my your average droid user but for those few of us it would be a time saver and money maker... Time is money in my job.... DirecTV installer that is.
Here's what we do, we put up all external and internal equipment and then start doing firmware updates at which time, we stand around looking bored or put all our equipment away during the 20 minutes worth of upgrade and reboot.
That time could best be served by programming the remotes to all devices and some times we are able to accomplish this by going to DTV's website using link:
http://www.directv.com/DTVAPP/global/contentPageIF.jsp?assetId=P4380052#h:620.977
The problem is when we are out of 3G area in the desert mountains it's either painfully slow or non-existent
Now, if a DEV sees a way to cache the codes and make a app for our droids, I know a ton of installers would be willing to purchase it. Shoot, I'd be willing to throw out a 20 if it would save me the down time and get me to my next job faster as we don't get paid by the hour, we get paid by completed install/upgrade.
So, just an idea for a DEV, well... request really. An app that is searchable like DTV's site that would give all remote codes for a device. Not just the one result, but the "Find More Codes" included.
Sorry for rambling.
Hi,
I've two questions.
1. Which navigation sofware can I use offline with phone 7 (alternative to the t-mobile dongle).
2. Which smartphoneholder is good for using in Car. Im looking for a aktive solution so that it's not nessesary to plug in cable in the smartphone if i plug in the phone (same principle as the becker navigation holder)
Thanks for your feedback
alexander555 said:
Hi,
I've two questions.
1. Which navigation sofware can I use offline with phone 7 (alternative to the t-mobile dongle).
2. Which smartphoneholder is good for using in Car. Im looking for a aktive solution so that it's not nessesary to plug in cable in the smartphone if i plug in the phone (same principle as the becker navigation holder)
Thanks for your feedback
Click to expand...
Click to collapse
Well I have given up on Getting any GPS software for WP7 and use a Dedicated GPS for all my Navigation in Malaysia and Singapore. There is no company supporting WP7 for of line use of GPS maps that I could find.
If you purchase a dedicated GPS unit with Bluetooth it is possible to use it as A hands free device as well. Most dedicated units also come with a mount.
I have a Nokia phone that I use for GPS when traveling as all the maps and turn by turn navigation are free.
I'm using the AT&T Navigator software on my AT&T focus and its turn by turn directions work great. It cost a few buck per month, but its worth it. The only downside is that with no multitasking, you can't monitor emails while using it, but calls still work.
randude said:
I'm using the AT&T Navigator software on my AT&T focus and its turn by turn directions work great. It cost a few buck per month, but its worth it. The only downside is that with no multitasking, you can't monitor emails while using it, but calls still work.
Click to expand...
Click to collapse
How much data per hour or so does that pull in?
alexander555 said:
1. Which navigation sofware can I use offline with phone 7 (alternative to the t-mobile dongle).
Click to expand...
Click to collapse
If your operator doesn't provide a navigation solution, basically your only option is to find Navigon and sideload it on your phone - search xda for hints on how to do it.
Rumor is that Navigon has an exclusive deal with T-Mobile Germany until summer, so it won't be available on Marketplace until then.
alexander555 said:
2. Which smartphoneholder is good for using in Car. Im looking for a aktive solution so that it's not nessesary to plug in cable in the smartphone if i plug in the phone (same principle as the becker navigation holder)
Click to expand...
Click to collapse
On xda, there are device-specific forums with "Accessories" sections, check out the forum for your device.
I think every WP7 user should get A to Z. It's in the marketplace and its free. It's amazing, but I'm not sure if it only works in the states... It has turn by turn directions!!!
thealanshow said:
I think every WP7 user should get A to Z. It's in the marketplace and its free. It's amazing, but I'm not sure if it only works in the states... It has turn by turn directions!!!
Click to expand...
Click to collapse
It's actually called A to B but yes, it is pretty sweet.
I'm with the OP on this. I need a map based turn by turn GPS software such as Garmin, Tomtom, iGO or Navigon. Using bing or A to B doesn't cut it. The last thing I want is to be lost in a dead zone. For me this is a deal breaker and one of the many reasons why I am still with WinMo.
alexander555 said:
Hi,
I've two questions.
1. Which navigation sofware can I use offline with phone 7 (alternative to the t-mobile dongle).
2. Which smartphoneholder is good for using in Car. Im looking for a aktive solution so that it's not nessesary to plug in cable in the smartphone if i plug in the phone (same principle as the becker navigation holder)
Thanks for your feedback
Click to expand...
Click to collapse
1. Since you're from Germany, your best bet if you need navigation now is to simply get a T-Mobile device as they come pre-loaded with Navigon.
2. Depends on the device you get. We have Omnia7's and purchased the active Brodit holder for it, great holder. Only downside is that it doesn't play nice with the phones once you put gelaskins on them.
AT&T Navigator costs $10 a month. That is NOT cheap...
10% (maybe more) of your phone bill per month, or $240 over a 2 year contract. You're better off buying a $100 GPS system with offline navigation with updatable maps...
Those GPS services preloaded on these phones are a joke. That's why Google Voice Navigation (and later Bing Voice Navigation) was such a big deal...
deeken said:
I'm with the OP on this. I need a map based turn by turn GPS software such as Garmin, Tomtom, iGO or Navigon. Using bing or A to B doesn't cut it. The last thing I want is to be lost in a dead zone. For me this is a deal breaker and one of the many reasons why I am still with WinMo.
Click to expand...
Click to collapse
I'm with you guys here. I'm only on a 200mb plan. Why would I pay $10 per month for Navigator when it'll probably end up going over my limit and overcharge an extra $15 for data? I would have no problem paying a good price for an offline map based GPS.
N8ter said:
AT&T Navigator costs $10 a month. That is NOT cheap...
10% (maybe more) of your phone bill per month, or $240 over a 2 year contract. You're better off buying a $100 GPS system with offline navigation with updatable maps...
Those GPS services preloaded on these phones are a joke. That's why Google Voice Navigation (and later Bing Voice Navigation) was such a big deal...
Click to expand...
Click to collapse
totally agree, "a few bucks" is maybe 2-3, but 10 is dead-end. same with their family tracker. I use my Garmin and a few times sideloaded Navigon.
derausgewanderte said:
totally agree, "a few bucks" is maybe 2-3, but 10 is dead-end.
Click to expand...
Click to collapse
You are, of course, entitled to your opinion, but from my experience (I use Navigator, and I've owned two different dedicated GPS units) you are dead wrong. $10/month for Navigator is quite reasonable compared to what I would have to spend to get a GPS unit with comparable features and quarterly map updates.
RoboDad said:
You are, of course, entitled to your opinion, but from my experience (I use Navigator, and I've owned two different dedicated GPS units) you are dead wrong. $10/month for Navigator is quite reasonable compared to what I would have to spend to get a GPS unit with comparable features and quarterly map updates.
Click to expand...
Click to collapse
I got my GPS for 120 and it was a good quality Garmin. A year in and you're already paying that for Navigator with less features... and that's if you're already paying for unlimited data.
derausgewanderte said:
totally agree, "a few bucks" is maybe 2-3, but 10 is dead-end. same with their family tracker. I use my Garmin and a few times sideloaded Navigon.
Click to expand...
Click to collapse
Now that WP7 has FREE tracking built in, there is absolutely no need for the ATT Family Tracking. iPhone and Android Both offer Free Tracking also. I hate to admit it, but iPhone does the best tracking. It pinpoints down to within 20 feet.
I feel both ways on the GPS functions. Personally, I prefer a good GPS unit over GPS on my phone. But, it is nice to get the extra features found on the connected GPS devices. ATT Navigation is actually quite a nice program to use. I used the free trial and was quite impressed, even though I've been a LONG time user of TomTom and Navigon. ATT held it's own, but as others have mentioned, being left without connection, thus no Navigation is just not acceptable for me either.
TomTom, with map updates does end up costing just about the same as ATT Navigator, with the exception of the Data. If you don't use much data, it's probably a wash, but if you go over your data plan, I'm sure ATT will end up being much more expensive. Being able to search for ANY Point of Interest is a big plus on the Connected Navigation. TomTom and Navigon occasionally don't have all the POI's needed.
The newer TomTom's now have the best of all worlds. Free Lifetime Map Updates, Offline Navigation, Online Search, etc... Problem is, they cost around $300-400 for all that.
I'm holding my breath that TomTom will support WP7, especially now that Microsoft has opened up the Dev a bit for them. TomTom on iPhone is really nice to use, so it should be that much better here.
SuperSport said:
Now that WP7 has FREE tracking built in, there is absolutely no need for the ATT Family Tracking. iPhone and Android Both offer Free Tracking also. I hate to admit it, but iPhone does the best tracking. It pinpoints down to within 20 feet.
I feel both ways on the GPS functions. Personally, I prefer a good GPS unit over GPS on my phone. But, it is nice to get the extra features found on the connected GPS devices. ATT Navigation is actually quite a nice program to use. I used the free trial and was quite impressed, even though I've been a LONG time user of TomTom and Navigon. ATT held it's own, but as others have mentioned, being left without connection, thus no Navigation is just not acceptable for me either.
TomTom, with map updates does end up costing just about the same as ATT Navigator, with the exception of the Data. If you don't use much data, it's probably a wash, but if you go over your data plan, I'm sure ATT will end up being much more expensive. Being able to search for ANY Point of Interest is a big plus on the Connected Navigation. TomTom and Navigon occasionally don't have all the POI's needed.
The newer TomTom's now have the best of all worlds. Free Lifetime Map Updates, Offline Navigation, Online Search, etc... Problem is, they cost around $300-400 for all that.
I'm holding my breath that TomTom will support WP7, especially now that Microsoft has opened up the Dev a bit for them. TomTom on iPhone is really nice to use, so it should be that much better here.
Click to expand...
Click to collapse
Integrating WP7 with Windows Live Family Safety and introducing Bing Maps Navigation and a service similar to Latitude would work, and you wouldn't have to pay AT&T for it.
And for the poster above talking about Navigator: Who cares. Navigator subscriptions are a scam and the only carrier that has a good deal is Sprint because they give it for free with their $69 (not 79) plan. I'm just aghast that people pay these prices for a Navigation app with no offline capabilities on a subscription when GPS hardware is so cheap and actually quite attractive these days (not to mention lots of new cars are coming with them built-in).
You can spin it any way you want, but they make no monetary sense to consumers when you can either get a phone that has it for free, or get a GPS unit that costs half as much as Navigation costs over the course of a your cell phone contract.
One of the reasons Android took off so well is cause of the free Navigation, and even WP7 has this. Microsoft just needs to get off their asses and bring Voice-Guided Navigation to WP7.
I wish I could just buy Ovi Maps for a flat fee or something, for WP7. But in the meantime, I just carry my Vibrant everywhere and use it for that purpose instead.
Hell, even MapQuest has a Voice Guided Nav app for Android now: https://market.android.com/details?id=com.mapquest.android.ace&feature=search_result
Microsoft either needs to work with some company like MapQuest, another third party (TomTom, etc.), or get Bing Navigation up to par.
thealanshow said:
I think every WP7 user should get A to Z. It's in the marketplace and its free. It's amazing, but I'm not sure if it only works in the states... It has turn by turn directions!!!
Click to expand...
Click to collapse
A to B do not work here, i am using dedicated GPS nav device fast and cheap... SGD300/-
cgibsong002 said:
I got my GPS for 120 and it was a good quality Garmin. A year in and you're already paying that for Navigator with less features... and that's if you're already paying for unlimited data.
Click to expand...
Click to collapse
It's disingenuous to try to lump your data plan into the "cost" of GPS navigation, unless that is the only reason you have the data plan. Since almost no one falls into that category, the cost is obviously amortized (I use my data connection for email, YouTube, weather updates, downloading apps, and about 20 other purposes).
As for your experience with your $120 Garmin, we'll just have to agree to disagree. My experience has been very different.
RoboDad said:
It's disingenuous to try to lump your data plan into the "cost" of GPS navigation, unless that is the only reason you have the data plan. Since almost no one falls into that category, the cost is obviously amortized (I use my data connection for email, YouTube, weather updates, downloading apps, and about 20 other purposes).
As for your experience with your $120 Garmin, we'll just have to agree to disagree. My experience has been very different.
Click to expand...
Click to collapse
No it's not. It can change your data requirements. If you use the GPS apps a lot on your phone, a 200MB data plan may not be enough. With a dedicated GPS system, you may be able to just use a 200MB data plan. Some people are like that.
So in the end you end up paying a ridiculous amount of money for the GPS services and the data plan to facilitate it, than just getting a dedicated GPS device.
truffle1234 said:
A to B do not work here, i am using dedicated GPS nav device fast and cheap... SGD300/-
Click to expand...
Click to collapse
Agree.
1. It doesn't work (as in, I've never gotten it to work).
2. It has that banner on the screen at all times, which is a waste of useful screen real estate in this type of application.
I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Deanwvu said:
Am I missing something?
Click to expand...
Click to collapse
Did you get your $10?
I don't know about purchases but I have some cool ideas about things to do with my new NFC tags.
Deanwvu said:
I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Click to expand...
Click to collapse
It's the overall potential to removing all the clutter of having multiple credit cards with multiple bills and a wallet full of info that is hard to recover. If I lose my Wallet I have to call all my credit card companies and cancel all my cards then have to wait for them to resend them in the mail. With this I can easily recover with just a new phone. It sucks right now because not many people accept it but you are considered an early adopters if you join right now so there is going to be some teething pains you're going to go threw. Also think of this as like those key chain things that gas stations use for easier and faster gas purchases. It's like that but on a bigger scale
Sent from my LG-P999 using xda premium
Buff McBigstuff said:
Did you get your $10?
Click to expand...
Click to collapse
I did It was certainly worth $10 to give this a go!!
psychoace said:
It's the overall potential to removing all the clutter of having multiple credit cards with multiple bills and a wallet full of info that is hard to recover. If I lose my Wallet I have to call all my credit card companies and cancel all my cards then have to wait for them to resend them in the mail. With this I can easily recover with just a new phone. It sucks right now because not many people accept it but you are considered an early adopters if you join right now so there is going to be some teething pains you're going to go threw. Also think of this as like those key chain things that gas stations use for easier and faster gas purchases. It's like that but on a bigger scale
Sent from my LG-P999 using xda premium
Click to expand...
Click to collapse
I can see that as an advantage, perhaps. Maybe there will be a day when I walk out of my door carrying only my ID, my phone, and my car keys, but not yet. I do not trust my phone to be working all the time every day. All it would take is one phone failure when I actually need to purchase something to sour the experience for good.
Again, when it comes to purchasing goods/services, I think simple is best. Time will tell.
Security. Your credit card is an archaic tool rife with vulnerabilities. Chip based payment systems are arguably more secure.
psychoace said:
It's the overall potential to removing all the clutter of having multiple credit cards with multiple bills and a wallet full of info that is hard to recover. If I lose my Wallet I have to call all my credit card companies and cancel all my cards then have to wait for them to resend them in the mail. With this I can easily recover with just a new phone. It sucks right now because not many people accept it but you are considered an early adopters if you join right now so there is going to be some teething pains you're going to go threw. Also think of this as like those key chain things that gas stations use for easier and faster gas purchases. It's like that but on a bigger scale
Sent from my LG-P999 using xda premium
Click to expand...
Click to collapse
Damn, I really got to stop typing long crap like that on my cell phone. I need punctuation damnit.
I tried it a while back at Best Buy, especially since Google is handing out a free $10. Yeah, it's nothing special, but I like the idea of keeping some cash on there in case I ever leave my wallet at home. I've gone out of town on business before only to get 2 hours down the road and realize I don't have my wallet. I NEVER leave my phone. It's a good option to have.
psychoace said:
Damn, I really got to stop typing long crap like that on my cell phone. I need punctuation damnit.
Click to expand...
Click to collapse
I've seen much worse
Sent from the MIUI powered E3D
Deanwvu said:
I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Click to expand...
Click to collapse
It's because you're now old school.
Don't worry I argued this same point - there's not much appeal when I have to carry a wallet anyway for my ID and some cash for places that charge for credit cards. Google wallet takes more work than paying for a card for me.
But I could see this being a fundamental shift in payment for younger generations who might have a phone but no real need for a wallet - who will grow up used to this system.
The real issue at the moment is battery life, I'm sure 5-10 years from now week+ battery life will be the norm and using phone for everything will become acceptable. Phones will also not be so fragile (cough iphone) so it will be as reliable as a piece of card (or almost).
Personally though, I think an NFC card would be way more convenient. It could be the size of a credit card, with a touch screen interface that lets you use it for payment or as a driver's license. But this kind of tech is probably at least 10 years away.
Can I ask you guys which method is the best one out there ?
I do have root.
http://forum.xda-developers.com/showthread.php?t=1365360
or
http://forum.xda-developers.com/showpost.php?p=20404813&postcount=350
I think I'm a little confused by wallet. I know it wasn't inclued out of the box because of Verizon. I was able to download it from the market, install and activate it. I have the $10 and went to test it. I went to pay and the phone said sent but did not display the merchant for confirmation and the merchant didn't receive it either. They are supposedly setup for it. Do I need to grab one the other APKs and reinstall or is there any ideas you guys may have? I've searched plenty and saw no mention of what I'm experiencing. Thanks for any insight.
+1
Thank you!
finally some one that sees the truth
Deanwvu said:
I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Click to expand...
Click to collapse
Deanwvu said:
I do not see the appeal.
It's just as easy (easier, really) to swipe a credit card.
I do not see the advantage of making a purchase process more complicated--NFC requires a powered, active, working phone. What if the phone crashes? What if the battery dies?
A credit card is solid state, requires no power, and is usable just about anywhere...
Am I missing something?
Click to expand...
Click to collapse
I am on the fence, see the pros and cons with both...but eventually when the NYC MTA implements this technology broadly it would pretty sweet to use if you happen to misplace or forget your train ticket and/or metro card
For now, I have to agree. It is less convenient than just using a card.
What would ultimately be really cool is to replace all those things we're talking about with just your phone. Unlock your house, start your car, verify your identity, pay for stuff... all with one device. But until I can ditch my wallet and keys entirely, it's just another way to complicate things instead of a solution to make life simpler. Can't wait for the future!
I've now used it at about 5 different locations and it's pretty fast, with much potential. assuming you've entered your pin ahead of time, it's faster than paying with a physical card. my phone hasn't crashed for more than a month (since going to custom roms) and fcs are extremely rare. therefore it's as reliable as I expect it to be
Sent from my Galaxy Nexus using xda premium
My phone gave me fits when I tried to use Google Wallet at Rite Aid. Fortunately the cashier mived the rest of the line behind me to a free register so I could keep trying, because I had to start over like 8 times. It's a nice gimmick for now, but it won't really be practical until more businesses support it and the bugs get worked out.
Terminators run on Android
I see the appeal in that my phone is quickly becoming my life "tool"
First it integrated my iPod/music player, now does movies, now does hand held games, mobile web browser and email means its now used for work purposes... replicon now has timesheet app so it also records my time in/out of a job......google wallet is now what I use to pay for groceries at the store instead of carrying my wallet in my pocket and possibly loosing my wallet... if my phone is lost, they have to go through 3 passwords before getting to my wallet.
Im thinking more of it as a "why not"... my phone is becoming more and more useful
out for a run with only my phone, need a drink, run into cvs, swipe phone
I used it at 7-11 yesterday just to test it with the free $10. It worked flawlessly but I don't see replacing my wallet until everyone accepts this interface.
I would use it more now if I was able to add my Wells Fargo debit card. Hopefully the ability to add any type of debit/credit card will be the next stag of evolution for this service.
Sent from my Galaxy Nexus
One advantage is that you can see all your previous transactions electronically more conveniently (not having to log into your credit card account, or wait a day or two before the transaction showing up there).
Another advantage is that coupons and deals can be used more easily. For example, right now if you go into Google Wallet, you can choose offers like 15% off entire purchase at Gap & Banana Republic when you pay with NFC. The offers are pretty limited right now, but I reserve my judgement until Google Wallet or Isis (Verizon/AT&T/T-Mobile NFC payment system) take off.
In principle, it is more secure since even if you lost your phone, with your phone unlocked, other people can't use it for NFC payment since it requires an additional PIN code. But then of course losing the phone itself probably costs a lot too...
If Google Wallet or Isis gain traction, more credit card companies will jump in. And hopefully that means you can add more credit cards can be stored on your phone, eliminating the need to carry a number of physical cards.
Oh... and it saves a lot of time for a typical female not having to find an additional item in their over-stuffed purses.
http://phandroid.com/2012/07/26/hac...ble/?utm_medium=referral&utm_source=pulsenews
Sent from my HTC One XL using xda app-developers app
good read good thing i keep my nfc off all the time
Can anyone confirm that the radio is actually off when NFC is unchecked in settings?
Sent from my HTC One XL using xda app-developers app
This vulnerability affects very few users. Furthermore, those users that it does affect must have their phone's screen turned on for the vulnerability to be exploited. Surely if you have your screen on, you'd be aware of any foul play from third parties; why are you worried?
Screen has to be on and it has to be VERY close or near (hence the n in nfc)
Sent from my Nocturnal HOX
JamesR913 said:
Screen has to be on and it has to be VERY close or near (hence the n in nfc)
Sent from my Nocturnal HOX
Click to expand...
Click to collapse
Screen on, device unlocked *and* within a few cm of this device (this is the NFC antenna portion of the device, not just anywhere on the device).
I'm rather interested in how exactly this could be done. Though I reckon it could potentially be dangerous to publicly release that info, I could call it a case of "it's not a bug, it's a feature" and do pretty useful things with it. I'm thinking along the lines of making the phone connect to wifi, which without such hacks is only possible if the phone that scans it has one from a number of NFC apps installed. Pre-installing that app too just so you can log into wifi at someone's house kind of eliminates the purpose of using NFC to login in the first place.
If you programmed a NFC tag with a url that contained embedded javascript (or escaped characters that would later unescape to javascript) *and* the browser interpreted them instead of ignoring them or invalidating the whole url... maybe. But it's a big 'if'.
Most new-ish browsers now disallow Javascript in URLs. The other main attack vector would be a trusted site with reflected XSS vulnerability (ie, a site that renders URL-encoded parameters into the rendered page, like a 404 page that displays the requested URL within the error message), but it's more likely that an attacker would just host his own page since the URL target of a NFC tag is opaque until read, anyway.
The main thing: don't allow NFC to launch the browser without previewing the URL's value, and don't preview the url's value in any container that can be induced to interpret its content as HTML.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
Well, if it is possible to make someone connect to wifi using javascript, then it might be interesting to put a small website online with just that bit of javascript. I could then put a hyperlink to that page in the NFC tag. Would still require internet access, but it would use a lot less data to work that way (the normal way is installing an app first, which costs way more data) and it would also be faster and require less actions. From the user's view, it is a lot more elegant. This would mean you don't have to inject the javascript directly into the url and run the risk of the url being blocked by the browser.
Bad side is that you will in all likelyhood practically be putting your wifi password on the internet. That might be a major security issue.
That is assuming it is possible to make devices connect to wlan using javascript, which I understand from your post it is, though I can't find out any information on this.
What do you think about this theory?
It depends mainly upon how Android handles NFC events. If it fires an intent that relays the NFC tag's content to a handler that blindly fires it off as another intent, or blindly opens it in a browser window... well... there's a good chance that Bad Things(tm) will eventually happen somehow. If Android makes at least half an attempt to sanitize the NFC-read content, and doesn't have any command-injection vulnerabilities along the way, it'll probably be OK.
I'm still reading up on Android's specific implementation of it. Much of what I wrote above is actually based on naive handling of QR-encoded URLs.
Speaking in the abstract, the worst thing I can imagine an end user doing today is downloading (or writing) cobbled-together handler with no sanity-checking or sanitizing that registers itself as a listener for NFC events, gets the user to make it the official handler, then does something completely stupid, like reading the String straight from the tag and using it to blindly construct a new Intent and fire it off. The thought of someone doing that gives me chills.
what if someone where to place a chip near a pay-pass location while using google wallet? what then?
A 'chip' ? Basically nothing, except possible denial-of-service due to interference (you can't read two tags simultaneously).
There's nothing magic about NFC. At the end of the day, it's basically a low-ceremony moderate-speed serial link that allows parasitic powering of low-cost radio+eeprom modules in the form of tags. It's what you and the software make of it.
NFC payments are no more or less inherently secure than online paypal purchases encrypted with SSL. In the grand scheme of things, the actual data transfer is usually the *least* of your problems, compared to how the data is stored on your end & handled on the other end.
Would you ever allow your PC to indiscriminately send $10 via Paypal to anybody who manages to plug in a flash drive for 7 seconds? Then don't run a payment client that automatically satisfies any payment request you literally wave in front of it without at least requiring some form of affirmative confirmation & approval from you.
Can a badly-implemented NFC app be cloned or impersonated? Sure. And so can your Visa card, if you hand it to the waiter & he swipes it through his own capture device when you aren't looking. That's why you never, ever want to agree to TOS that leave you on the hook for basically unlimited charges.
NFC payments backed by Visa or Mastercard are a wonderful thing. If somebody defrauds you, you fill out a form, file a police report if necessary, and maybe pay $50 if you have bad credit & your issuer feels like they can screw you as a subprime customer. Otherwise, that's the end of it, unless the bank can prove you committed fraud or engaged in wantonly reckless and unfathomably stupid behavior.
NFC payments backed by my checking account, and no daily hard purchase limit like $50? No. Way. In. HELL. I had a debit card stolen 10 years ago. By the time the bank contacted me, my account was overdrawn by almost $5,000. For almost a week, I couldn't even cash a check from my parents, because it would have just gotten absorbed by the overdraft. I spent 2 days just fighting with the bank to get the ongoing $29+ overdraft fees (for legit expenses autopaid after the thief overdrew my account) waived (after they finally credited the fraudulent charges back to me, ~2 weeks after it happened, and I was able to argue that they wouldn't have *been* overdrafts if the bank had done its job and noticed charges for stores and things I've never bought in my life). The truth is, it's *very* hard to unwind and fix a checking account catastrophe.
So, in summary:
* wave my phone over a sensor to blindly pay $3 and board a subway train that's going to depart without me in 17 seconds if I don't run like a mofo up the escalator, paid from a fund that gets topped off $25 at a time, at most twice per week? Sure.
* wave my phone over a vending machine that requires a pin code the first time I do it at a new location, is backed by a credit card, and maxes out at $10/day? Sure.
* ditto SPECIFICALLY for Taco Bell.
Bigger charges? Ask me, and make me explicitly authorize them after demonstrating my knowledge of a passphrase.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
NFC is absolutely insecure. It was discussed by Steve Gibson of GRC on last week's (Oct 3rd) podcast of Security Now.
http://twit.tv/show/security-now/372
It was discussed by him, and if you read the whole thing, he basically said exactly what I did. NFC itself is security-neutral. It's a slow short-range wireless serial port.
If someone wrote a proof-of-concept app that ran on your PC, monitored COM1 at 9600-8-N-1 & responded to "transfer://amt=100&acct=123456789" by blindly transferring $100 to account #123456789 without even asking for confirmation, would you declare that serial ports are "totally insecure", too?
NFC is a hardware capability. Nothing less, nothing more. Software can use it for good *or* mischief. Include a compensating control that requires physical affirmation of intent, and legal controls to limit your total liability, and its use for payment is no worse than a prepaid transit card. Security isn't a thing, it's a process with layers of things, some of which WILL occasionally fail.
Remember, if a mugger marches you up to an ATM with a gun in your back, the bank isn't going to refund your withdrawal, either.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
bitbang3r said:
Remember, if a mugger marches you up to an ATM with a gun in your back, the bank isn't going to refund your withdrawal, either.
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
Click to expand...
Click to collapse
WOW that sucks. My bank would. Sucks to be you.
Sent from my squirrel.