Qualcomm, the US-based semiconductor and telecommunications equipment company, has revealed that none of the mobile wallets operating in India are safe and secure, due to a major security vulnerability. In fact, the company has even questioned the safety preparedness of the Indian Govt. when it comes to the cashless push and digitalization of the economy.
Qualcomm right now provides chipsets to 37% of all phones sold in the world, and when a company of this magnitude warns about the security loopholes present in popular mobile wallets like Paytm and others, it should be listened to.
Why Are Mobile Wallet Companies Vulnerable To Hacks?
According to Sy Choudhary, a senior director for program management at Qualcomm, none of the mobile wallet companies in India are using hardware-level security features, which makes them prone to software attacks and hacks.
As per him, other global wallet companies like Alipay and WeChat from China and Apple Pay from the US are already using this feature, which makes them more secure than Indian mobile wallets.
As per Sy, most of the banking and mobile wallet firms in India are using a simple Android-based security layer, which can be easily bypassed, allowing the hardware (smartphone) to be infected.
He said, “You will be surprised because most of the banking or wallet apps around the world don’t use hardware security. They actually run completely in Android mode and users’ password can be stolen. Users use fingerprint which might be captured … in India that is the case for most of all digital wallets and mobile banking apps.”
When asked about the authenticity of their claim, Sy said that they are working with most of the OEMs (original equipment makers); hence, they have insider knowledge about this security loophole.
How Can A Hardware-Based Security Layer Help?
All smartphones that use Qualcomm’s chipsets are already equipped with the hardware-based security layer, but most of the wallet companies are not aware of this; hence, they fail to use this security layer for better safety of the consumers.
As per Qualcomm, this hardware-level security feature separates the transactions on the mobile from the operating system, thereby making them safer and more secure. Hence, even if the hacker is able to get through the mobile wallet/banking app, he can’t get through the hardware.
Sy said, “Everyone is getting connected, everyone is getting authenticated by device. How do you know that your device is getting ready for demonetisation? When you download a mobile banking app you don’t know if it is using hardware security or not.”
Are Mobile Wallets Insecure, Unsafe?
As digital transactions are increasing day by day, especially after the demonetization move, the threats and dangers of a cashless economy are also coming into the picture.
We have already reported how a loophole within a digital wallet inspired a few students to steal Rs 8.6 crore; how credit card details from some of the popular apps have been stolen and sold to scamsters; and how money is being mysteriously debited from mobile wallets, and unauthorized pizza payments are becoming the norm.
As per global reports and researchers, digital wallets in India are indeed insecure and prone to easy hacks, which can unleash devastation all around.
As per Qualcomm, almost every digital wallet company from India will start using their added hardware security layer, which will bring more safety and security for all users. Using parameters like device ID, phone manufacturer signature, Android version number, root kit of the OS, location and time, wallets can ensure that the hackers are not able to penetrate the hardware.
Sy said, “Device attestation feature will start shipping in 2017. For end users it should be available by end of 2017.”