Details of the vulnerabilities uncovered have been provided to handset manufacturers. “We’ve notified all the phone vendors and manufacturers, and there’s a lot of work being done on this now,” he said. “I can’t name names, but I will say that we’re working with one large tablet and smart-phone manufacturer.”
Modifications to the hardware or software of a mobile device can muddy the signals that an eavesdropper can pick up. Many wireless credit-card readers already include such countermeasures, said Jun.
In the case of smart phones and tablets, software upgrades that split operations using cryptographic keys into multiple parts that are then combined could protect existing devices without changes to hardware, said Jun. However, such tactics come at a cost. “They do require some kind of performance hit,” said Jun, because they ask a chip to do more work. That also means more power consumption, which could deter some developers, who are loath to waste precious battery life.