Quote:
Originally Posted by catsec
Well I'm not an expert, and I haven't yet gotten into mobile phone hacking. I just think it's obvious that with any new device and any new program or technology, there are going to be security vulnerabilities that could lead to viable exploits, and there will always be the looming specter of human error. If the security of a system comes down to a password, like security often does with various systems, there will always be idiots that put "password". Likewise if the security comes down to not opening a file attachment in an email, or clicking a link in a mobile web browser, there will always be people who don't know any better.
There would definitely be pros to your idea with digital wallets and identification verification mechanisms, but there will undoubtedly be security-related cons.
That being said, you might find these articles on the Android WebView exploit, which is estimated to affect 70% of Android phones on the market, interesting and informative. Cheers!
https://community.rapid7.com/communi...asploit-update
https://community.rapid7.com/communi...-cve-2014-6041
I'm really disappointed at your post because it's not a unique response.
The mindset of everything can be hacked isn't something anyone should believe and I'm not saying that is what you are like or writing because I don't know for sure.
Everything can be reverse engineered but models can be perfect.
Use of encryption with security layers that are architecturally built in such a way where communication is only brokered by user's consent is possible without being hacked.
Nobody has yet counterfeited any bitcoin, for example, because the model is pretty much flawless under what rules exist. Sure, the possibility exists but the rules are in such a way where privacy must exist and if we were to add a few rules that destroy privacy, the 50% attack would not exist.
Phones requiring a confirmation of a second device that is trusted and using a special message that is encrypted and speaks to a component in the phone that is completely locked from the main OS to the components broker would make something interesting. How the currency exists is up for debate but there is already a model that people seem to like and is really close to bulletproof.