Once Google Wallet is restarted, it will ask for a new PIN. The thief types in whatever PIN they want, and viola — instant financial disaster.More at the link, including an illustrative video.
The reason this is possible, is Google Wallet attaches access to your funds to the device itself. This is to ensure you as the legitimate user can get to your funds easily. Using Near Field Communications technology, simply move your Google Wallet-enabled smartphone near a special reader, type in your PIN, and you're on your way. Unfortunately, this concept makes it easy to anyone else who has your phone, due to the ease creating a new PIN...
The forum user that discovered this new flaw states they informed Google of their find, and that Google has a fix for those banks that choose to implement it. Are you secure? If you're a Google Wallet user, you might want to contact your bank and ask...
12 February 2012
A security problem with Google Wallet
From an article posted at Technorati. If someone gets hold of your phone, all they have to do is reset the app:
I'm no Luddite, yet it took me a long time before I ever used internet banking. Now I use it all the time. The thought of handing over that kind of control over my money to a third party (ie. not you or your bank) - especially a faceless, contactless (who are you going to call when it happens?) entity like Google - gives me the total willies!
ReplyDeleteInternet bank transactions still give me the willies. Access that only allows for transfer between various accounts is generally safe, and access that allows for payment to known utilities & the like is safe, too. Other activity I'm still skeptical about.
ReplyDeleteLurker111
This only applies to those who have rooted their phones, if I understand correctly. If you have a signed build of Android on your phone, as delivered by your hardware provider, you should be safe from this particular hack.
ReplyDeleteThere is more detail at http://threatpost.com/en_us/blogs/google-reacts-google-wallet-security-issues-021212 (including some discussion of a bug that *does* put funds on a prepaid Google Wallet at risk).