Security hole sees Google Wallet suspended


by Allan Swann| 13 February 2012

Google has announced that it has suspended pre-paid Google Wallet card scheme due to security holes exposed by users that ‘root’ their devices.

Google Wallet is the company's entrance into the NFC (near field communications) mobile payment market, essentially a virtual credit card that can be used for real world payments. The industry is expected to take off in 2012 as more Android devices insert NFC chips, and the upcoming iPhone 5 is expected to be NFC compatible.

Google Wallet is available in the US, but has yet to launch in the UK. Telco's, banks and other technology companies are rushing into the space to ensure they don't miss out on what will be a trillion dollar industry

Zvelo discovered the flaw in Google Wallet's PIN password protection system, which meant that any Android user who 'roots' their device (that is, hacks it to give the user administrator level access to the device's core software) would be suspectible to a hacking attack.

"Google Wallet is protected by a PIN -- as well as the phone's lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level "root" access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That's why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device," said VP of Google Wallet Osama Bedier.

This is an irrelevancy to all but the most hardcore power users of Android devices, but Google isn't taking any chances with its new star product, and potential big earner for the firm looking to expand beyond web based advertising.

Google's vice president of Google Wallet, Osama Bedier, says the company has pulled its pre-paid card scheme - which remains the main way consumers load up their Google Wallet - until a security fix is found.

"[Google] is addressing an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock, tonight we temporarily disabled provisioning of prepaid cards. We took this step as a precaution until we issue a permanent fix soon."

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

792 people like this.
2210 people follow this.

E-commerce Intelligence

Suppliers Directory

  • Neverfail Overview

    The Neverfail Group is dedicated to creating a world where business applications are continuously available. High Availability, Disaster Recovery...

  • Webroot - Security Solutions

    Webroot provides industry leading security solutions for consumers, enterprises and small and medium businesses worldwide.

  • Capscan

    Capscan is a leading supplier of international address management solutions and data integrity services. Capscan has more than 1800 customers...

  • Qualys - IT security risk and compliance solutions

    Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...

See more
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.