Google Wallet May Not Be Secure Enough According to Forensics Experts

Discussion in 'Android Tablet News' started by dgstorm, Dec 13, 2011.

  1. dgstorm

    dgstorm Editor in Chief Staff Member

    Jan 5, 2011
    Likes Received:
    Trophy Points:

    A recent study was done by security experts at viaForensics on Google Wallet. According to their report, "Google Wallet is not as secure as it should be." The primary concern highlighted by their study was that Google Wallet stores too much personal data on the device, and its lack of encryption makes things worse. Supposedly, Google Wallet stores user's credit card balance, limits, expiration date, transaction dates, locations, and even their name as it appears on the card and more. While this info alone would not be enough for an unscrupulous third party to charge transactions on the device, it does leave the user open to identity theft or a social engineering attack.

    Of course, Google has come forward decrying the validity of the testing because the analysis was performed on a rooted phone. They said that this information can only be accessed from a phone that is rooted. Here is what Google's spokesperson, Nathan Tyler said on the subject,

    Unfortunately, Google's argument falters, because there have been instances in the past, (and probably the future), in which malware, like "Droid Dream", has gained root access to Android devices. To Google's credit, viaForensics, indicated that Google does several things very well and are on par or better than some other competing mobile payment systems, like Square. Here's a quote from the article with some details,

    Unfortunately, viaForensics indicated that they simply couldn't give Google Wallet a passing grade because of the potential for malware abuse. Andrew Hoog, chief investigative officer at viaForensics made the foreboding statement, "Malware is the storm that's on the horizon."

    Source: AmericanBanker
    Last edited: Dec 13, 2011

Share This Page