Google Wallet flaw takes the lock off your mobile money

Mark Lennihan/AP - A person tries a smartphone loaded with Google Wallet at the National Retail Federation on Jan. 17 in New York.

A new vulnerability in Google Wallet gives access to your funds, even after the application data has been erased.

Google Wallet allows you to digitize your credit cards and pay for things using near-field communication (NFC). That is, all you have to do is touch your phone to a device and your item is automatically charged. Google has touted that its wallet isn’t like the leather ones: it actually has a lock on it. This lock exists in the form of a PIN that must be entered for access to the wallet. But a hack revealed yesterday involves an application that, when used on a rooted phone, can guess the PIN used for Google Wallet. Unfortunately, another vulnerability exposes an even easier way for criminals to get into your Google Wallet.

The virtual wallet is set up to take three different kinds of payment: a Citi Mastercard, a gift card, or Google’s prepaid card. The last option allows you to set up any credit or debit card to allocate funds to the prepaid card. This prepaid card isn’t associated with a Google account; rather, it’s associated with the phone itself.

Enter the new hack. If someone has stolen your phone and gotten inside, all they have to do is go to your application preferences and erase all of the data from Google Wallet. You would think this would erase your credit cards as well, but it doesn’t. The person will go through the motions of setting up the account, including setting a new PIN. After accessing the wallet with the new PIN, the new user will be prompted to add a new card. He can choose to add a prepaid card, and because the card is tethered to your phone, all the information will repopulate, including your remaining balance (see video below for a demonstration).

The reality, however, is that while a stolen phone also means stolen money, the same would be true if your actual wallet were stolen. Google does tout the wallet as being safer than a regular wallet, but where there’s money, there’s risk.

We’ve asked Google to comment on what they are doing to protect their users from this vulnerability. We will update when we hear back.

via 9to5 Google

Copyright 2012, VentureBeat
