Google Wallet, which initially launched in September of 2011, has decided to temporarily suspend its provisioning of prepaid cards as a result of two newly discovered security vulnerabilities. Recently, a security research team uncovered a potential threat to the overall security of the Google Wallet. The initial issue, which revealed that a brute-force attack could reveal a Google Wallet user’s pin, was discovered by researchers at the security firm Zvelo Labs.
While the first vulnerability could theoretically place Google Wallet users at substantial risk, it is not an easy security hole to exploit. In order for the hacker to make payments using a stolen account, they would have to physically possess (steal) the user’s phone, install the Cracker app, and install a piece of malware to disable the phone’s security system. Even after all of these steps are completed, the hacker will not have access to the credit cards and will have to use the stolen phone to make charges.
The second security issue, which was discovered by The Smartphone Champ, is the greater threat. Once a thief has a user’s phone, the thief can simply reset the Google Wallet app, enter a new pin, and begin using the phone to access the user’s funds.
Osama Bedier, the VP of Google Wallet and Payments, wrote a blog post to reassure users that Google Wallet is secure:
“Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet. In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.”
Even though the blog post suggested that the virtual wallet is secure, Google has suggested that Google Wallet users who lose their phone immediately call Google Wallet Support at 855-492-5538 to disable the prepaid card. In addition, the company is recommending a mobile security tracking app, such as Lookout, be installed.
Although Google is reassuring users that this is a temporary issue and that Google Wallet is more secure than traditional credit cards, the security problems may cause the general public to feel a traditional wallet is more secure.
[Sources Include: Google Commerce Blog, zvelo blog, & The Smartphone Champ]
