Google Wallet pulls prepaid cards as temporary precaution
Google (NASDAQ: GOOG) has announced that it has disabled the provisioning of prepaid cards for its Google Wallet service as a temporary precaution. This comes in the wake of at least two separate ways in which its security mechanisms were shown to be circumvented. The first was demonstrated by Web security provider Zvelo, who in a detailed article showed how a rooted Android smartphone is vulnerable to a brute-force attack on the PIN code used to secure a Google Wallet.
Separately, a blog on SmartphoneChamp published just a day later detailed how clearing the data for the Google Wallet app causes users to be prompted for a new PIN upon next launching the app. With this access, the user can proceed to associate a Google PrePaid card to access all previously available funds. "The problem here is that since Google Wallet is tied to the device itself and not tied to your Google account," explained the blog. This second vulnerability is particularly serious due to the ease with which it can be executed.
Google spokesperson Nate Taylor responded to the Zvelo study by noting that the researcher disabled the security mechanisms that protect Google Wallet when the system was rooted. "To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN," says Taylor. For now, Google maintains that its Wallet technology offers better security than a traditional wallet--provided users take the basic precaution of enabling a screen lock on their smartphones.
Verizon blocks Google Wallet from new Galaxy Nexus smartphone
New Jersey Transit partners with Google to offer NFC mobile payments
A road map for mobility through 2020
Google Wallet ad featuring George Costanza of 'Seinfeld'