Late last week, reports about a certain flaw being discovered on Google's popular mobile payments system, Google Wallet began doing rounds. Closer inspection revealed that a certain glitch, discovered by Colorado-based security firm, zvelo rendered a user's prepaid funds on a lost or a stolen mobile minus the screen lock, open for anyone to gain access to. As explained in a The Verge report – simply put – if anyone manages to get access to your phone's app settings for Google Wallet, they can easily delete all of your Google Wallet data that's stored on the phone, by simply tapping “Clear data.” Once through this step, the miscreant on trying to access Google Wallet again is prompted to go through the intial setup process again, which includes entering new PIN, as well as tying Google Wallet to a Google account. The miscreant can now re-enter the default Google Wallet prepaid card to the Google Wallet app; and now owing to the fact that Google Wallet is connected more to the hardware, and not to an account, the previous prepaid card gets re-entered, giving the miscreant the key to all the funds on your Google Wallet card.
The issue was first found to affect only users who rooted their Android phones, according to The Verge, while a later update confirmed that the issue affected all users. While no more details were revealed on this, Google assured its users that it was working on it to resolve the matter, and as an immediate step disabled the affected prepaid cards service, temporarily. Google, reportedly has been worried about the increasing threat coming in, especially because some users choose to disable security mechanisms, on their phones, such as password-protected screen locks or “rooting” their mobile phones to remove software restrictions on the devices. However, in an official blog post, Osama Bedier, Vice President, Google Wallet and Payments, has stated that, “…you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.” He added that they provide toll-free assistance, in an event of the loss of one's phone and subsequent misuse.
Google launched their Google Wallet service, last year and promised to revolutionize mobile payments, by allowing users to store their credit cards, loyalty cards, and gift cards among other things. It also allowed users to redeem sales promotions on their mobile phones. The service uses the popular NFC (Near Field Communication) technology to aid faster, secure payments. However, the service, for now is only available on Sprint Nexus S 4G phones.
Publish date: February 13, 2012 3:02 pm| Modified date: December 18, 2013 9:35 pm
Android, Citi MasterCard, credit cards, Google, Google Prepaid card, Google Wallet, loyalty cards, Near Field Communication, Nexus S 4G, NFC, Rooted Android phones, screen lock, Security, Sprint Nexus S 4G phones