Threat Category: Application-based
ID: PAY-5
Threat Description: HCE payments do not directly leverage the security of storing cryptographic keys in the Secure Element, and therefore must securely manage cryptographic secrets and transaction details at the application level. Operating at a lower security baseline makes HCE-based payment apps attractive targets for financially motivated attackers. The further-lowered security baseline of rooted or jail-broken mobile devices renders HCE-based apps highly vulnerable to compromise.
Threat Origin
Secure Element Deployment & Host Card Emulation v1.0 [1]
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
Deploy EMM or containerization solutions to prohibit the use of HCE-based apps on rooted or jail-broken devices.
Use app-vetting services for HCE-based payment apps to determine if they are trustworthy prior to deployment.
Mobile Device User: Do not use HCE-based apps on rooted or jail-broken devices.
Mobile App Developer: Review additional methods for ensuring the confidentiality and integrity of mobile payments. Sources of additional guidance include the Smart Card Alliance [2] and Mozido [3].
References
[1] C. Liang and H. Chen, "TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion", presented at the 6th USENIX Workshop on Hot Topics in Security, 9 Aug. 2011; https://pdfs.semanticscholar.org/8c8c/f6ff0a88a5ae99360cada9afaf5439b61a8d.pdf [accessed 11/07/2016]
[2] M. Vanhoef et al., "Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms", in Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, 2016, pp. 413-424.
[3] "HCE Payment - How it works and best practices for banks", white paper, Mozido, 2016.