Even after rewrites, Google Wallet retains gaping security holes, mainly due to Android

Google Wallet got patches for some security holes, but still leaves too much data exposed


In December Stanford Law Professor Barbara van Schewick filed a formal complaint with the FCC asking it to investigate whether Verizon’s decision to exclude the Google Wallet from its menu of mobile services violated net neutrality rules by favoring one vendor’s product over another.

Some Verizon users may feel lucky to have been excluded following the revelation of a major security flaw in Google Wallet security.

The problem isn't in the near-field-communications (NFC) radio network that makes it possible for Google Wallet users to use smartphones like contactless credit- or debit cards.

The problem is in the way Google Wallet itself is configured and the inherent weaknesses of Android, which was designed to be as open as possible to new functions and applications and, as a result, is just as open to exploits, hacks and simple eavesdropping that would make secure smartphone banking impossible.

NFC is a variant of the RFID radio-frequency networking protocol that allows smart-chipped credit cards, passports, cargo-tracking systems and other location-dependent applications to wirelessly identify specific items using the signal from tiny, relatively inexpensive chips.

Using NFC, Google Wallet turns smartphones into transponders that can securely link with and exchange payment data with NFC-enabled payment-processing systems.

The idea is to eliminate the need to carry a wallet full of plastic by connecting smartphones directly to secure payment-processing systems so consumers can use their smartphones as the hardware token that allows them to authenticate themselves when making purchases at retail stores, vending machines and almost anywhere else.

NFC is popular in northern Europe, where it has been built into cell phones for years, but has not built the vendor support or consumer confidence that would allow it to be successful in the United States.

Google Wallet is available only on the Samsung Galaxy Nexus on Sprint’s network.

Google Wallet might have changed that by putting NFC payment potential in the pockets of millions of Android users in the U.S.

Unfortunately for NFC advocates and Google, only the most obvious portions of the data Google Wallet collects is kept secure, according to mobile-security analysis vendor viaForensics.

Join us:






Mobile & WirelessWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Ask a Question