Apps Gone Rogue: Sinister Code Targets Smartphone Users

Something as innocent as an app that lets you play tic tac toe can turn into a credit card thief, by simply coming in contact with your wallet.

The same technology that lets consumers use their smartphones in lieu of cash at the register can be turned against them.

Wireless radio technology that transmits data between two devices, Near Field Communication (NFC) lets certain sinister apps swipe consumer’s credit card information in an instant.

Any NFC phone can read a credit card because the two devices share the same technology. Most new smartphones – except iPhones – are equipped with NFC technology.

And a lot of new credit cards also have radio chips. Put the two near each other and, according to security expert Walt Augustinowicz, consumers have all the ingredients to be ripped off.

“It’s incredibly dangerous,” he said.

Augustinowicz is the founder and CEO of Identity StrongHold, a company that makes ID badge holders that protect radio chips that contain sensitive information. The White House is one of his clients.

“You are giving people a key to your wallet and they don’t have to touch it anymore,” he said.

To prove just how easy this scam is, Augustinowicz created an app capable of looting its users.

“We spent 20 bucks, signed up an account, wrote the little app and we uploaded it,” he recalled. “Fifteen minutes later, it was available for anybody to download.”

The Android app is a fully functional game but Augustinowicz’s team inserted a piece of hidden code, so once the game is downloaded to a phone, it starts constantly scanning for credit cards.
If the phone gets close to a credit card, it grabs the number and emails the information to a mystery third party.

“Just like that, someone somewhere has your credit information and can use it to go shopping,” Augustinowicz. “And that’s what we did.”

The Get Garcia team took the credit information they grabbed with the tic tac toe app and used it to buy shakes at McDonalds, spending $4.18. (The credit card belongs to Augustinowicz, so no harm was done.)

The FBI recently issued a warning to Android users to be aware of malware hidden in apps, and advised users not to download an app without researching it first. Users also must make sure they understand what permissions and access they are agreeing to when they click “accept.”

Many apps track location and some can access contacts and email. Apps for Apple products are considered slightly safer since Apple says it vets every app it offers.

Contact Us