Home > 2011 > Identity Theft > Google Wallet’s Potential Security Hole

Google Wallet’s Potential Security Hole

Advertiser Disclosure Comments 3 Comments

There’s a lot of hullabaloo right now about turning your smartphone into a wallet. Phone companies and major banks hope that someday people will reach for their phone instead of their credit card or cash to buy coffee, gas and household items (especially since processing a bunch of ones and zeroes is much cheaper than handling loose bills).

Internet giant Google is in on the action, having recently demoed something called Google Wallet.  The idea behind the mobile payment plan is to build a system where consumers can buy stuff and receive coupons and loyalty rewards all with their Sprint smartphone.

But as PC World’s Tony Bradley writes, the yet-to-be-released system has a potential security vulnerability. The problem is the software application used by the consumer, the phone, the merchant and the banks to interact. That app also accesses a separate chip on the phone, which holds the user’s encrypted credit card data.

[Resource: Get your free Credit Report Card]

Hackers might not be able to break into the credit card payment networks, Bradley writes. But they may figure out how to reverse engineer that single, all-important app. They might also be able to trick consumers into downloading the wrong app.

Either way, Google’s well-planned security measures could potentially be tripped up.

“I am not trying to suggest that Google Wallet is completely insecure, or scare you away from using it,” Bradley writes. “But, I do think you need to be aware of the potential security holes in the system so you can exercise an appropriate level of caution when using Google Wallet.”

Jimmy Shah, a security researcher at McAfee Labs, shares Bradley’s concern.

“Android apps are relatively easy to reverse-engineer, so that would probably be the first step an attacker would take,” Shah writes.

Google says it will address security concerns by storing payment information on a separate, secure chip, and requiring users to type in a PIN to access it. The company does acknowledge that fraud is possible, however.

“Even though the Google Wallet PIN and Secure Element protect your payment card information, you should still call your issuing banks to cancel your cards” if your phone is lost or stolen, Google says on the web site introducing the service.

[Related: Your Smarter Smartphone]

Image: Google Wallet

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

  • Pingback: Google Wallet's Potential Security Hole | Forums, Chats, Doscussion()

  • http://googlewallets.blogspot.com/p/frequently-asked-questions-about-google.html shaolinx

    Your making many moot statements…

    For one, If they are able to “trick” customers into dling the wrong app, then they could have done it with ANY other method. This happens all the time as is.

    Secondly, any system without holes does not exist and its true that open source makes it more prone to hackers. However, it is also true that open source system also have many other people, google or not, patching up those holes.

    Check out my Blog -> http://googlewallets.blogspot.com

  • Pingback: Google Wallet’s Potential Security Hole - Identity Theft 911 Blog()

  • Wesley

    Christopher,

    Your words “hullabaloo” and “something called Goole Wallet” telling you are biased on the subject. When you write “that app also accesses a separate chip on the phone” shows you have no grasp on what’s happening.

    So why don’t you hold off from he subject for a while until you do your homework?

  • Chris Maag

    Hi guys. Thanks for writing. It’s pretty obvious that the story is not biased. If you disagree with what my sources have to say, I suggest you also write to them.

Certain credit cards and other financial products mentioned in this and other articles on Credit.com News & Advice may also be offered through Credit.com product pages, and Credit.com will be compensated if our users apply for and ultimately sign up for any of these cards or products. However, this relationship does not result in any preferential editorial treatment.