Google Hit With Security Questions Over Wallet Offering
Google's progress in mobile payments hit a snag recently when two separate security flaws in its Google Wallet product came to light. The first vulnerability made it possible for the finder of a lost phone with Google Wallet installed to gain access to the prepaid card on the device. Google has since released a fix for this issue.
In the second, Joshua Rubin, a senior software engineer at security vendor Zvelo, was able to find and decrypt the four-digit Google Wallet password, which is designed to protect the user's credit card information in the event of a lost or stolen phone.
Rubin said he was able to decrypt the password because it is stored in the application database, not in the special chip where credit card numbers are stored. Google responded that Rubin was using a rooted phone and that, under normal circumstances, this sort of tampering would cause all user data within the phone, including all Google Wallet data, to be wiped automatically.