Google Responds to Google Wallet Concerns: Is it Enough?

Carl Weinschenk

The big issue emerging from the twin hits to Google Wallet's security is what impact the resulting uncertainty will have on the fledgling category.

Last week, many sites reported, and I posted, on a pair of security vulnerabilities that have hit Google Wallet. One was low tech: Somebody who finds or steals a phone can simply reset the device and take control of the funds in the device owner's prepaid account. The other allows a brute-force attack to forge a match with the four-digit PIN stored in the device and thus provide access to a potential thief.

On Monday, Google responded to both problems.

The PIN exploit only works on rooted phones. Google suggests that using Google Wallet on such devices is a bad idea:

First, Google Wallet is protected by a PIN - as well as the phone's lock screen, if a user sets that option. But sometimes users choose to disable important security mechanisms in order to gain system-level "root" access to their phone; we strongly discourage doing so if you plan to use Google Wallet because the product is not supported on rooted phones. That's why in most cases, rooting your phone will cause your Google Wallet data to be automatically wiped from the device.

Paul Wagenseil at TechNewsDaily doesn't seem to think Google's answer means much. Indeed, it doesn't seem that Google has done much except caution folks to use Google Wallet carefully. The questions that remain are whether the exploit can be used on stolen or lost devices and whether folks acting in a way that Google may think is inappropriate - rooting their phone and using Google Wallet - cede the right to be protected.

Google did less equivocating on the issue of an unauthorized person hijacking a user's account. The company suspended provisioning of prepaid cards pending a solution to the problem.


Taken together, the big picture darkens a bit for Google Wallet. Wrote Clint Boulton at eWeek:

However, if researchers keep poking holes in Wallet, whether they use tricks to unlock PINs or not, the less credible Wallet's security will seem. This will be problematic at a time when Google is fighting to expand the service and help it proliferate in commercial markets worldwide.

That is true enough, as far as it goes. It also may be fair to say that the company rooting almost as hard for Google to secure its wallet is ISIS, a nascent competitor (which has a security arrangement with Gemalto). The bottom line is that no near-field communications-based e-wallet category yet exists. If one of the two players - and a top-five high-profile name - is found to not measure up, it's a good bet that the category will pay. And, in this case, the price will be not gaining traction at all.
