Computer Business Review

Security hole sees Google Wallet suspended

Allan Swann

12:08, February 13 2012

Google has announced that it has suspended pre-paid Google Wallet card scheme due to security holes exposed by users that ‘root’ their devices.

Google Wallet is the company's entrance into the NFC (near field communications) mobile payment market, essentially a virtual credit card that can be used for real world payments. The industry is expected to take off in 2012 as more Android devices insert NFC chips, and the upcoming iPhone 5 is expected to be NFC compatible.

Google Wallet is available in the US, but has yet to launch in the UK. Telco's, banks and other technology companies are rushing into the space to ensure they don't miss out on what will be a trillion dollar industry

Zvelo discovered the flaw in Google Wallet's PIN password protection system, which meant that any Android user who 'roots' their device (that is, hacks it to give the user administrator level access to the device's core software) would be suspectible to a hacking attack.

"Google Wallet is protected by a PIN -- as well as the phone's lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level "root" access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That's why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device," said VP of Google Wallet Osama Bedier.

This is an irrelevancy to all but the most hardcore power users of Android devices, but Google isn't taking any chances with its new star product, and potential big earner for the firm looking to expand beyond web based advertising.

Google's vice president of Google Wallet, Osama Bedier, says the company has pulled its pre-paid card scheme - which remains the main way consumers load up their Google Wallet - until a security fix is found.

"[Google] is addressing an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon."


Post a comment

Comments may be moderated for spam, obscenities or defamation.