Google Wallet is Easy to Hack and Exploit

SMS Text

google-wallet-security-issuesGoogle Wallet, which initially launched in September of 2011, has decided to temporarily suspend its provisioning of prepaid cards as a result of two newly discovered security vulnerabilities. Recently, a security research team uncovered a potential threat to the overall security of the Google Wallet. The initial issue, which revealed that a brute-force attack could reveal a Google Wallet user’s pin, was discovered by researchers at the security firm Zvelo Labs.

While the first vulnerability could theoretically place Google Wallet users at substantial risk, it is not an easy security hole to exploit. In order for the hacker to make payments using a stolen account, they would have to physically possess (steal) the user’s phone, install the Cracker app, and install a piece of malware to disable the phone’s security system. Even after all of these steps are completed, the hacker will not have access to the credit cards and will have to use the stolen phone to make charges.

The second security issue, which was discovered by The Smartphone Champ, is the greater threat. Once a thief has a user’s phone, the thief can simply reset the Google Wallet app, enter a new pin, and begin using the phone to access the user’s funds.

Osama Bedier, the VP of Google Wallet and Payments, wrote a blog post to reassure users that Google Wallet is secure:

“Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet. In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don’t.”

Even though the blog post suggested that the virtual wallet is secure, Google has suggested that Google Wallet users who lose their phone immediately call Google Wallet Support at 855-492-5538 to disable the prepaid card. In addition, the company is recommending a mobile security tracking app, such as Lookout, be installed.

Although Google is reassuring users that this is a temporary issue and that Google Wallet is more secure than traditional credit cards, the security problems may cause the general public to feel a traditional wallet is more secure.

[Sources Include: Google Commerce Blog, zvelo blog, & The Smartphone Champ]

David Angotti

David Angotti

After successfully founding and exiting an educational startup in 2009, I began helping companies with business development, search engine marketing (SEM), search engine optimization (SEO), conversion rate optimization (CRO), online marketing, mergers and acquisition, product development, and branding. Now, I am focused on a new startup in the travel and tourism market niche.
David Angotti
Get the latest news from Search Engine Journal!
We value your privacy! See our policy here.
  • Michael

    Despite some holes in the security system, the mobile payment , in my opinion, is as safe (if not safer) than the physical wallet. If you lose a wallet or if someone steals your wallet, the thief can use your plastic cards. In order to prevent it, you have to call all your credit card companies to disable all your credit cards. With Google Wallet, just like the physical wallet, you will have to call Google Wallet to disable your prepaid card in your phone. A bigger challenge, in my opinion, is to have the mobile cards be accepted at a very large number of merchants. That will take time. However, over the long run, mobile payments will become as widely acceptable as plastic cards.