Google Fixes Potential Wallet Security Flaws

Two separate hacks for system recently discovered

Wednesday, February 15, 2012
Google Fixes Potential Wallet Security FlawsSoon after security issues related to its digital payment platform known as Wallet were discovered and disseminated, Google worked diligently to fix the problem.

The hacks, one of which could only be carried out by a particularly adept cybercriminal and the other could have been done by anyone with illegal intentions, were reported last week by two separate sources. Since then, Google worked to mitigate the security flaws, the company said.

The first problem would have allowed hackers with a strong knowledge of how to "root" mobile device to access the PIN code for a consumer's Google Wallet account, essentially giving them free reign over the hacked account, the report said. In most cases, if Wallet detects that it's being used on a rooted phone, it will automatically delete itself from the device.

The second hack is more insidious, because it allows anyone with bad intentions and a lost or stolen cell phone with Google Wallet loaded onto it to access the account and make fraudulent purchases, the report said. If a lost or stolen device isn't protected with a lock screen code, a criminal could reset the account, create a new password and link the account to a prepaid card that basically gave them access to the victim's funds. As a result of this security flaw, Google recently suspended the use of prepaid cards on Wallet while it was working on a fix, but has since restored support for these accounts.

However, Google assured users Wallet is secure overall, and that it will to be so as Google works continuously to upgrade its protections, the report said. This type of NFC-dependent mobile purchasing system is expected to become quite ubiquitous in the near future.

"Mobile payments are going to become more common in the coming years, and we will learn much more as we continue to develop Google Wallet," wrote Osama Bedier, vice president of Google Wallet and Payment. "In the meantime, you can be confident that the digital wallet you carry provides defenses that plastic and leather simply don't."

Betty Chan-Bauza, vice president of product management for Identity Theft 911, writes a blog about potential issues related to identity theft and fraud consumers may face from certain products.

© IDT911, LLC. All Rights Reserved.
Sign up for our Newsletter. If you feel that you have been a victim of identity theft, call your provider organization to be put in touch with the IDT911 Resolution Center.