x We have placed cookies on your device to make your experience better. Find more info here.
x PhoneArena.com наема във Варна! Ако технологиите са в кръвта ти и имаш перфектен писмен английски,
ние ти даваме възможността да станеш част от екипа ни. - виж повече
  • Home
  • News
  • Google Wallet is not as secure as it should be, suggest forensics experts

Google Wallet is not as secure as it should be, suggest forensics experts

Posted: , by Nick T.

Tags:

Google Wallet is not as secure as it should be, suggest forensics experts
After conducting some extensive research, the security experts at viaForensics concluded that Google Wallet is not as secure as it should be. In particular, their analysis shows that the mobile payment platform stores too much personal data on the smartphone, and the fact that it lacks encryption makes things even worse.

The list of personal information that is stored includes the user's credit card balance, limits, expiration date, transaction dates, locations, and even their name as it appears on the card, but the researchers say that there is even more. Of course, that data on its own is not enough for transactions to be made by third parties as the card's full number is well-protected. However, the risk of a potentially harmful social engineering attack is present indeed.

Google, on the other hand, does not agree with the results from the analysis as it was performed using a rooted smartphone. Unless a smartphone is rooted, an attacker would not be capable of retrieving the aforementioned user data as it would be inaccessible. Unfortunately, there have been instances of malware breaking through Android's restrictions and obtaining root access, so Google Wallet's reliability is still not certain when it comes to securing personal information.


20 Comments
  • Options
    Close




posted on 13 Dec 2011, 08:06 3

1. remixfa (Posts: 14060; Member since: 19 Dec 2008)


well, thats a double whammy to many of us

1) the bulk of the people on the boards probably have root access at minimum if not a full custom rom on there

2) why the heck is it not encrypted?

I was leery of NFC payments already, that is just making sure I never try them.

posted on 13 Dec 2011, 08:23 2

2. iankellogg (Posts: 155; Member since: 15 Jun 2011)


Just to let you know a normal credit card is a lot more insecure than the NFC payment system on phones. A normal credit card can be processed with just the number and expiration date, the pin on the back is not necessary. The normal paypass cards are even worse, they are fully passive NFC devices that store everything that is needed to process your credit card. I much rather have the google wallet over a standard credit card when it comes to security.

posted on 13 Dec 2011, 08:27 2

4. remixfa (Posts: 14060; Member since: 19 Dec 2008)


I understand that, but you can cancel your credit card in seconds and have it refunded back. NFC is a whole different world. If i lose my credit card, its just one card. if i use NFC and put all my cards on there.. when someone steals my phone, they get ALL my cards. With the amount of personal stuff we put on our cell phones its arguably worse to lose your phone than it is your wallet... especially after adding NFC.

Im not anti NFC, i just think that they need to spend some time to really prove its security and validity for using it. With so much personal data on the line, not being cautious would be a mistake.

posted on 13 Dec 2011, 08:34 1

5. SuperAndroidEvo (Posts: 4335; Member since: 15 Apr 2011)


Yes you are right but with a credit card you actually need to see the numbers or have the numbers. With a NFC chip people can devise a hack to read NFC chips from the mobile devices. They may be able to scan a whole city block or maybe even towns themselves. This seems like science fiction but there are always bad people who will devise such evil doings. Man I sound like a comic book. lol

The NFC chip is in its infancy, they will get it right & it will make credit cards obsolete in the very near future. This is where tech is going & it's very exciting. There are so many other wonderful applications that NFC could be used for besides payments, the future looks very bright for NFC.

posted on 13 Dec 2011, 08:25 2

3. SuperAndroidEvo (Posts: 4335; Member since: 15 Apr 2011)


Yes it seems very weird that Google would release a product of that magnitude & not have it protected. I was excited to use a NFC payment system but now I will pass until they show that they have addressed this flaw.

It's very curious that Google could make this kind of mistake. One good thing about Google is that will remedy this ASAP & will make Google Wallet the great app it needs be so it can be the ambassador to the NFC era.

posted on 13 Dec 2011, 09:29

13. protozeloz (Posts: 5379; Member since: 16 Sep 2010)


1) Any Root App Needs SU permissions from the super user manager app and SU tells you when the app requests the permission too and whay file is modifying

2) agree why skip that step? it was important

now about NCF, if I'm not mistaken you can unpin your NFC enabled device from your Google wallet account just like your other Google services when someone steals your phone and that phone should be able to do. of course I would still recommend that you get lookout for tracking locking and wiping your device in case that happens.

posted on 13 Dec 2011, 08:49 1

6. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


Why am I not surprised? Google Wallet is just like the OS it's on - unstable and insecure.

posted on 13 Dec 2011, 08:57 5

7. SuperAndroidEvo (Posts: 4335; Member since: 15 Apr 2011)


Wow just on cue. Welcome to the thread The_Miz. Why am I not surprised? I know because The_Miz is very, very predictable! lol

posted on 13 Dec 2011, 09:03 5

8. bloodline (Posts: 693; Member since: 01 Dec 2011)


just ban this twat already

posted on 13 Dec 2011, 09:04 4

9. iamcc (Posts: 1319; Member since: 07 Oct 2011)


Miz please never stop posting here. Your comments remind me of why I went to school and it makes me feel better about the whole ordeal.

posted on 13 Dec 2011, 12:34 1

16. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


And yet you have nothing to show for it. ZING!

posted on 13 Dec 2011, 13:28

18. iamcc (Posts: 1319; Member since: 07 Oct 2011)


Yeah making six figures a year is a bitch.

posted on 13 Dec 2011, 09:19 3

10. protozeloz (Posts: 5379; Member since: 16 Sep 2010)


why I'm not surprised you would post in here

posted on 13 Dec 2011, 09:22 5

11. remixfa (Posts: 14060; Member since: 19 Dec 2008)


im nearly convinced miz is a broken spam-joke bot lol

posted on 13 Dec 2011, 09:24 3

12. iamcc (Posts: 1319; Member since: 07 Oct 2011)


Hey! That's what I said about taco... ;P

posted on 13 Dec 2011, 09:58 5

14. SuperAndroidEvo (Posts: 4335; Member since: 15 Apr 2011)


lol Now I finally get The_Miz. He is SPAM! lol

posted on 13 Dec 2011, 12:35 1

17. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


Spam bot, really? Really? Really? Is that the lame-duck excuse you guys came up with because I'm speaking the truth?

posted on 13 Dec 2011, 13:30 2

19. iamcc (Posts: 1319; Member since: 07 Oct 2011)


Think about it. All of your posts follow this format:

Was the post the first on the thread? If yes, start post with: "FIRST!"

Was the article written about Android or Apple? If yes, insert these words anywhere in the comment: "unstable, buggy, laggy, slow, half baked OS, bad battery life"

posted on 13 Dec 2011, 14:03 2

20. SuperAndroidEvo (Posts: 4335; Member since: 15 Apr 2011)


You know, I consider SPAM sh*t. The_Miz talks a lot of sh*t. So Spam bot is kind of fitting, don't you think? lol

Just kidding The_Miz! :-)

posted on 13 Dec 2011, 11:46 1

15. dirtydirty00 (Posts: 260; Member since: 21 Jan 2011)


"SUGGESTS"

Want to comment? Please login or register.

Latest stories