October 17, 2013
Jack Dorsey, co-founder of Twitter, has another financial venture called Square Cash (SC) which is a free service that allows users to send money via email. This app is free and requires no sign-in process.
The user simply composes an email as normal; cc’s the email to firstname.lastname@example.org, copies a SC email address with the amount to be sent included in the subject line.
Once the email is sent, SC will reply to the user with an email asking for a debit card link to access funds for payment.
The recipient of the email can click on the link and deposit the money into their bank account. This service can also be accessed with a smartphone.
A limit of $2,500 per week, per user is imposed for all transactions in that time period and this service only works with credit and debit cards with the VISA or MasterCard logos.
This restriction also entails person-to-person transfers, not business transactions between merchants.
SC is compatible with PayPal and Venmo .
The entire process will take only 2 business days.
SC assures users that their database is secure as well as email transfer connections.
Brian Grassadonia of SC said: “Square Cash makes it convenient to send money to anyone—without making them jump through hoops to retrieve it.”
Security Research Labs (SRL) states that SIM cards in smartphones could be utilized by hackers to gather online banking account information.
Indeed, an estimated 500 million subscriber identity module (SIM) cards have been identified as having vulnerabilities that allow remotely controlled attacks to occur.
SIM cards are “tiny computers that store crucial cryptographic data.”
SIM cards store data on user’s such as phone number, private login and billing information. This includes details about a user’s PayPal and credit card numbers so that the hacker can infiltrate all financial records of individuals.
It is unclear whether or not users can verify that their SIM card is vulnerable to hacker attacks. Specific details provided by the manufacturer cannot assist the user with determining if they are a sitting duck.
Apps made for smartphones are syphoned through SIM cards because they act as a portal .
Karsten Nohi, founder of SRL, is expected to provide this research to the BlackHat Conference in Las Vegas in the later part of this month.
SRL asserts that hackers would send “an unrecognizable, binary text message usually meant to carry user logs and telephone settings to a victim’s phone.
The cellphone then responds by sending back an error message carrying a signature that can be distilled to reveal a 56-bit Data Encryption Standard (DES) key. DES is an old encryption standard used by about one in eight phones around the world.”
Through the “cracked key” the hacker can “download software onto the SIM card that can, among other tricks, change voicemail numbers and find out exactly where a phone is at any time. This allows for remote cloning of possibly millions of SIM cards including their mobile identity as well as payment credentials stored on the card.”
Nohi said : “We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can ready your [SMSes]. More than just spying, we can steal data from the SIM card, your mobile identity, and charge your account.”
Because SIM cards are employed as a de facto trust anchor for cellular phones, simply using two Short Message Service texts can allow a hacker to break into the phone, steal data, listen in on the calls made, and make purchases as if they were the owner of the phone.