Revealed: Google Wallet Security Flaw on Android Phones [VIDEO]


Don’t give up your wallet and plastic cards just yet — at least, not until Google Wallet gets a security update.

The Android-only service, which lets you pay with your smartphone, turns out to have a major security flaw. If someone gets hold of your phone, they can effectively hit the reset button on Google Wallet — and get themselves sent a new PIN number.

The flaw, uncovered by TheSmartphoneChamp.com, wasn’t the first vulnerability uncovered in Google Wallet this week. Zvelo, a malicious software detection service, found that Google Wallet could be hacked and the owner’s pin number obtained using an app. But that hack required a phone to be rooted.

The video below shows just how easy it is to access credit card information from Google Wallet. One major concern: Google Wallet is connected to your phone, not your Google account, so you can’t change your password online if your phone is lost or stolen.

Google said a fix would be available soon. ”We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card,” said a spokesperson.

“We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”

The Google Wallet app was introduced in May 2011 and went live in September. It’s marketed as a paper-free way to store credit cards and pay for items with a tap on a PayPass pad using NFC technology. Shortly after its release, security concerns prompted Verizon to block the app from its Galaxy Nexus smartphone.

AT&T didn’t allow Google Wallet until recently. As Zvelo pointed out, that could have been due to the fact that AT&T, T-Mobile and Verizon had a network joint venture in ISIS — a direct competitor to Google Wallet.

By 2015, the value of all mobile money transactions is expected to reach $670 billion. Other companies, such as PayPal and Visa, have invested in their own mobile wallet technologies.

The Google Wallet website FAQ’s section says information stored on the app is protected by a chip called the Secure Element that operates separately from the phone’s main operating system.


Do you use Google Wallet? Are you concerned about someone stealing your information? Tell us in the comments.

Image courtesy of iStockphoto, oonal

More About: Google, google wallet, hack, mobile security, Secure Element, security

For more Dev & Design coverage:


This entry was posted in google, google wallet, hack, mobile security, Secure Element, security and tagged , , , , , , , , , . Bookmark the permalink.