Pervasive use of mobile devices poses risks to security and priva...

open bank accounts, the agency said. But mobile device users leave traces of their identities and transactions that can be exploited for wrongdoing, it said. Key vulnerabilities of smart cards and NFC devices include untrustworthy user interfaces and theft, it said. And smart cards can be attacked physically, by rewiring chips or using probing pins to track data flows and gain access to secret stored information, the agency said. Side-channel attacks exploit physical information leaked during transactions, it said. Smart cards are at risk of man-in-the-middle attacks between server and card intercepting or deleting communications, the agency said. Cryptoanalytic attacks directly pursuing cryptographic algorithms are possible, it said. NFC and contactless devices can be skimmed secretly by an unauthorized device eavesdropping or reading their content, the agency said. Criminals can use the modalities to track people, in time profiling a person’s activities, it said. Unauthorized writing into the file system could falsify content, the agency said. The vulnerabilities could lead to invasion of privacy and financial loss from theft of sensitive data, it said. EU governments should set privacy mandates for emerging technologies with aid from industry and academia, the agency said. It seeks globally accepted standards for telecommunications, data transfer, security and payments. Mobile network operators, banks and national ID card producers must resolve the problem of fundamentally differing personalization processes for ID cards, mobile phones and payment cards, it said. Finally, the agency said, mobile infrastructure should give users a central role in security, and sellers of the devices should train buyers in their proper use.