This week the Google Wallet team was surprised when two different vulnerabilities were discovered. One hack revealed a user’s PIN number on a rooted phone and the other allowed anyone to reset the PIN and gain access to funds on a Google Wallet prepaid card.
Google quickly responded to the first hack by saying users should not use Google Wallet on a rooted device, and late last night they also responded to the second hack by saying they would temporarily disable provisioning of prepaid cards.
Many Android users are now questioning if Google Wallet is safe enough for mobile phone payments. Google responded, “The simple answer to this question is yes. In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today.”
I’ve included Google’s full statement they sent me below. It’s nice to see them address the recent issues so quickly, but I’m still wondering what you guys think. Are you comfortable with using your phone for mobile payments?
Over the last few days we've received questions and concerns about issues related to the security of Google Wallet. People are asking if Google Wallet is safe enough for mobile phone payments. The simple answer to this question is yes. In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today.First, Google Wallet is protected by a PIN — as well as the phone’s lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level “root” access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That’s why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device.
Second, we also take concrete actions to help protect our users. For example, to address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon.
And just like with any other credit card, you can get support when you need it. We provide toll-free assistance in case you lose your phone or someone manages to make an unauthorized transaction.
Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet. In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.Osama Bedier, Vice PresidentGoogle Wallet and Payments
Source: Google Commerce Blog
Taylor is the founder of Android and Me. He resides in Dallas and carries the Verizon Galaxy Nexus as his daily device. Ask him a question on Twitter or Google+ and he is likely to respond. Tagged#google wallet#hack#mobile phone payments#mobile security#NFC#Osama Bedier#quote#vulnerability .nrelate .nr_sponsored{ left:0px !important; }.nrelate .nr_sponsored{ left:0px !important; } 18 Comments Join the discussion!Sort by DateRating 
TopherGuest 16 hours ago Thumb upThumb down +23It’s still much harder to steal via Google Wallet than a plastic card, so I don’t see what the whining is about.
Reply
99Taylor Wimberly 16 hours ago Thumb upThumb down +8I agree. With a secure lock screen enabled and location tracking software, I would feel more secure if I lost my phone vs losing my wallet.
Reply
29dcds 12 hours ago Thumb upThumb down +1It’s secure enough, yes… but makes me wonder why they don’t just request some online verification the first time you set a pin in wallet.
Even I, when coding an app, code around the possibilities of a user cleaning app data.
Reply 29dcds 12 hours ago Thumb upThumb down 0By the way, I see you have now mobile profiles. Thanks!
Reply
4Ruben Alvarez 16 hours ago Thumb upThumb down +7There is risk in any transaction, even cash. You can be robbed of your cash on the way. People are afraid of the next thing as usual. Eventually this kind of thing will be normal and all the questions and speculation go away. Blogs tend to over blow security flaws anyways. A lot of them just want clicks for ad dollars and they blow little things up. I trust Google with my info, call me naive. Just a new technology that some people are afraid of, and the afraid make the most noise. It will be fine, I personally can’t wait to get an NFC device.
Reply 4Ruben Alvarez 16 hours ago Thumb upThumb down +8I re read my comment, I meant blogs in general, not pointing fingers at AndMe. The quality of this blog and site are above average.
Reply Michael MartinGuest 15 hours ago Thumb upThumb down +2well thanks to them disabling the provisioning of cards, i reset my wallet tonight and cannot get my card back up yet……….amazing
wish people would learn to grow up and keep their devices safe with them at all times with the obvious exception of if they get robbed.
Reply
91thekaz 15 hours ago Thumb upThumb down +8well, just another thing for the iPhone users to try and use to put Android down.. at least until Apple adds NFC payments — then it’ll be the greatest thing in the world.
I mean, seriously.. no one is going after the physical wallet manufacturers for the security vulnerabilities…
Reply MrChazGuest 15 hours ago Thumb upThumb down +1These attacks are exploiting vulnerabilities in Google’s app rather than in the contactless payment process.
Its a software fix to cover the fact that (as far as I know) these are just fancy magstripe transactions and lack the security available to chip & pin transactions.
I am not worried
ReplyBeing an early adopter isn’t always rainbows and sunshine… I’m sure all of the kinks with NFC will be worked out eventually
Reply
71greeny42 14 hours ago Thumb upThumb down +1Stop manufacturing panic. It’s still safer than a regular wallet or card.
Reply 71greeny42 14 hours ago Thumb upThumb down +3the only downside of the system for me is the small number of places that accept NFC payment.
ReplyI’m good with it. I lock screen and I have faith in Google.
Reply
8pjax 13 hours ago Thumb upThumb down +1They are so defensive. I would have been more satisified if they had said it this way
“we are well aware of the situation and we are all working very hard to issue the fix as soon as possible. Security is the number one priority for Google Wallet. As a precaution, we have temporarily disabled provisioning prepaid cards. We also understand that a persistent thief can just as easily gain “root” access on compromised devices, so we will fix that vulnerability as well. Google Wallet will be secure on all phones, rooted or not.
Google Wallet is still more secure than plastic cards or folded wallets, but we urge users to exercise extra precautions until we get the fix. Consider using pin/gesture codes as an added layer of security (we don’t recommend face unlock because it is less secure). Please consider these slight inconveniences while we will be working hard on the fix”
Reply 29dcds 12 hours ago Thumb upThumb down 0Me too. Because it’s safer than plastic cc doesn’t mean that you don’t need to improve security in wallet.
Reply
88Hall Lo 10 hours ago Thumb upThumb down 0Well i dun see no harm here…. As many have said already the same could be happening to your credit card, if someone got it and just used it… :/ I dunno why so many others are so nervous about it
Reply adi wijayaGuest 9 hours ago Thumb upThumb down 0bagus he…
Reply Leave a Reply Cancel replyYour email address will not be published. Required fields are marked *Name *Email *WebsiteCommentYou may use these HTML tags and attributes: Notify me of follow-up comments by email. Notify me of new posts by email. Hotly debated 
Goodbye old Browser, Chrome to become the standard browser on Android 4.0 and above 79 
Chrome Beta comes to Android 4.0 devices 77 
Can Android 4.0 replace a desktop PC? 75 
Apple seeks preliminary injunction against the Samsung Galaxy Nexus in the U.S. 66 
How Samsung’s Super Bowl ad should have been 62 Top commenters
ranwanimator 
+108on I really wish Android 4.0 would have looked more like Chrome
Ps3y3Ops +41on Motorola: Google’s hardware choices are why updates take so long
kk +32on I really wish Android 4.0 would have looked more like Chrome
Staff
© 2012 Android and Me 
LoginUsername
Password
Remember MeRegister | Lost your password? RegisterUsername
E-mail
A password will be e-mailed to you.Log in | Lost your password?Reset PasswordUsername or E-mail:
Log in| RegisterPowered by SimpleModal Loginimg#wpstats{display:none} 
No comments:
Post a Comment