Google Wallet is not as secure as it should be, suggest forensics experts

Google Wallet is not as secure as it should be, suggest forensics experts
After conducting some extensive research, the security experts at viaForensics concluded that Google Wallet is not as secure as it should be. In particular, their analysis shows that the mobile payment platform stores too much personal data on the smartphone, and the fact that it lacks encryption makes things even worse.

The list of personal information that is stored includes the user's credit card balance, limits, expiration date, transaction dates, locations, and even their name as it appears on the card, but the researchers say that there is even more. Of course, that data on its own is not enough for transactions to be made by third parties as the card's full number is well-protected. However, the risk of a potentially harmful social engineering attack is present indeed.

Google, on the other hand, does not agree with the results from the analysis as it was performed using a rooted smartphone. Unless a smartphone is rooted, an attacker would not be capable of retrieving the aforementioned user data as it would be inaccessible. Unfortunately, there have been instances of malware breaking through Android's restrictions and obtaining root access, so Google Wallet's reliability is still not certain when it comes to securing personal information.


FEATURED VIDEO

20 Comments

1. remixfa

Posts: 14605; Member since: Dec 19, 2008

well, thats a double whammy to many of us 1) the bulk of the people on the boards probably have root access at minimum if not a full custom rom on there 2) why the heck is it not encrypted? I was leery of NFC payments already, that is just making sure I never try them.

2. iankellogg

Posts: 155; Member since: Jun 15, 2011

Just to let you know a normal credit card is a lot more insecure than the NFC payment system on phones. A normal credit card can be processed with just the number and expiration date, the pin on the back is not necessary. The normal paypass cards are even worse, they are fully passive NFC devices that store everything that is needed to process your credit card. I much rather have the google wallet over a standard credit card when it comes to security.

4. remixfa

Posts: 14605; Member since: Dec 19, 2008

I understand that, but you can cancel your credit card in seconds and have it refunded back. NFC is a whole different world. If i lose my credit card, its just one card. if i use NFC and put all my cards on there.. when someone steals my phone, they get ALL my cards. With the amount of personal stuff we put on our cell phones its arguably worse to lose your phone than it is your wallet... especially after adding NFC. Im not anti NFC, i just think that they need to spend some time to really prove its security and validity for using it. With so much personal data on the line, not being cautious would be a mistake.

5. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

Yes you are right but with a credit card you actually need to see the numbers or have the numbers. With a NFC chip people can devise a hack to read NFC chips from the mobile devices. They may be able to scan a whole city block or maybe even towns themselves. This seems like science fiction but there are always bad people who will devise such evil doings. Man I sound like a comic book. lol The NFC chip is in its infancy, they will get it right & it will make credit cards obsolete in the very near future. This is where tech is going & it's very exciting. There are so many other wonderful applications that NFC could be used for besides payments, the future looks very bright for NFC.

3. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

Yes it seems very weird that Google would release a product of that magnitude & not have it protected. I was excited to use a NFC payment system but now I will pass until they show that they have addressed this flaw. It's very curious that Google could make this kind of mistake. One good thing about Google is that will remedy this ASAP & will make Google Wallet the great app it needs be so it can be the ambassador to the NFC era.

13. protozeloz

Posts: 5396; Member since: Sep 16, 2010

1) Any Root App Needs SU permissions from the super user manager app and SU tells you when the app requests the permission too and whay file is modifying 2) agree why skip that step? it was important now about NCF, if I'm not mistaken you can unpin your NFC enabled device from your Google wallet account just like your other Google services when someone steals your phone and that phone should be able to do. of course I would still recommend that you get lookout for tracking locking and wiping your device in case that happens.

6. The_Miz

Posts: 1496; Member since: Apr 06, 2011

Why am I not surprised? Google Wallet is just like the OS it's on - unstable and insecure.

7. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

Wow just on cue. Welcome to the thread The_Miz. Why am I not surprised? I know because The_Miz is very, very predictable! lol

8. bloodline

Posts: 706; Member since: Dec 01, 2011

just ban this twat already

9. iamcc

Posts: 1319; Member since: Oct 07, 2011

Miz please never stop posting here. Your comments remind me of why I went to school and it makes me feel better about the whole ordeal.

16. The_Miz

Posts: 1496; Member since: Apr 06, 2011

And yet you have nothing to show for it. ZING!

18. iamcc

Posts: 1319; Member since: Oct 07, 2011

Yeah making six figures a year is a bitch.

10. protozeloz

Posts: 5396; Member since: Sep 16, 2010

why I'm not surprised you would post in here

11. remixfa

Posts: 14605; Member since: Dec 19, 2008

im nearly convinced miz is a broken spam-joke bot lol

12. iamcc

Posts: 1319; Member since: Oct 07, 2011

Hey! That's what I said about taco... ;P

14. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

lol Now I finally get The_Miz. He is SPAM! lol

17. The_Miz

Posts: 1496; Member since: Apr 06, 2011

Spam bot, really? Really? Really? Is that the lame-duck excuse you guys came up with because I'm speaking the truth?

19. iamcc

Posts: 1319; Member since: Oct 07, 2011

Think about it. All of your posts follow this format: Was the post the first on the thread? If yes, start post with: "FIRST!" Was the article written about Android or Apple? If yes, insert these words anywhere in the comment: "unstable, buggy, laggy, slow, half baked OS, bad battery life"

20. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

You know, I consider SPAM sh*t. The_Miz talks a lot of sh*t. So Spam bot is kind of fitting, don't you think? lol Just kidding The_Miz! :-)

15. dirtydirty00

Posts: 428; Member since: Jan 21, 2011

"SUGGESTS"

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.