Near Field Communication's card emulation mode is a way to put virtual 
smartcards into mobile phones. A recently launched application is Google 
Wallet. Google Wallet turns a phone into a credit card, a prepaid card and a 
tool to collect gift certificates and discounts. Card emulation mode uses 
dedicated smartcard chips, which are considered to fulfill high security 
standards. Therefore, card emulation mode is also considered to be safe and 
secure. However, an NFC-enabled mobile phone introduces a significantly 
different threat vector. Especially a mobile phone's permanent connectivity 
to a global network and the possibility to install arbitrary applications 
onto smart phones open up for several new attack scenarios. This paper gives 
an overview of the new risks imposed by mobile connectivity and untrusted 
mobile phone applications. The various APIs for secure element access on 
different mobile phone platforms and their access control mechanisms are 
analyzed. The security aspects of mobile phones are explained. Finally, two 
practical attack scenarios, a method to perform a denial of service (DoS) 
attack against a secure element and a method to remotely use the applications 
on a victims secure element without the victim's knowledge, are highlighted.