An Analysis of the Smartphone Point-of-Sale System

Abstract

Smartphones have become powerful enough to replace general purpose computers as the platform for payment applications. This thesis investigates Android smartphone payment applications and audio-jack magnetic card readers (AMSRs). Taint tracking is integrated into the payment application analysis to discover where card data may leak to other applications. The analysis of AMSRs discovers a software logic vulnerability which provides direction to pursue an investigation of public key cryptography under the constraints of Android audio port power. Veri ed by both hand measurements and simulation, the Samsung Galaxy S2 is found to generate enough power from its audiojack to a microcontroller that can perform the ECIES microbenchmark in 1.6s.