Google responds to Google Wallet security vulnerability

Google responds to Google Wallet security vulnerability


A senior engineer of zvelo has found that Google Wallet has a “significant security vulnerability”  which could reveal users’ PIN numbers.  Sharing the findings on their blog and posting a demo video for the world to see, zvelo indicates that Google has already been notified of the situation.  While this might sound like a terribly scary situation and a blow to Google’s NFC initiative, it’s worth pointing out that this affects Android handsets which have been rooted.  Also, bear in mind that Google Wallet is not widely available yet as it’s technically only offered on one phone on one carrier.

As mentioned above, Google is already aware of the situation and is said to be working on a fix for the bug.  In the meanwhile, zvelo offers up a number of precautions that one can take to ensure security.

The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.

We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone. – Google

 

What Wallet Users Can Do Today
There are some steps that Google Wallet users can take today to help mitigate the risk of this vulnerability.

  1. Do Not “Root” the Cell Phone – Doing so will be one less step for a thief.
  2. Enable Lock Screens – “Face Unlock,” “Pattern,” “PIN” and “Password” all increase physical security to the device. “Slide,” however, does not.
  3. Disable USB Debugging – When enabled, the data on mobile devices can be accessed without first passing a lock screen challenge unless Full Disk Encryption is also enabled.
  4. Enable Full Disk Encryption – This will prevent even USB Debugging from bypassing the lock screen.
  5. Maintain Device Up-To-Date – Ensure the device is current with the latest official software. Unfortunately, users are largely at the behest of their carrier and cell phone manufacturer for this. Using only official software and keeping devices up-to-date is the best way to minimize vulnerabilities and increase security overall.

 

About author

Scott Webster
Scott Webster 6606 posts

Scott has been running AndroidGuys since 2007 and loves nothing more than reading up on the latest smartphone rumors. His other mobile efforts can be found on Android Update (CNET) where he covers Google's mobile platform.

You might also like

News and Rumors

Alleged Galaxy F in black caught posing in the wild

It seems like every few days we get a new leak of Samsung’s premium offering, the Galaxy F device. We’ve recently shared a full render of the device as well

News and Rumors

T-Mobile G2 Confirmed, Pre-Sale Starts This Month

T-Mobile has just pushed out the official press release for the true successor to the groundbreaking G1.  Unfortunately, they didn’t drop any actual release date or pricing on us.  However,

News and Rumors

T-Mobile prepares to bid farewell to half dozen Android handsets

T-Mobile has started clearing their shelves in an attempt to make room for new smartphones and tablets.  As you know it’s a new year and we’re expecting a host of

3 Comments

  1. Eman LLuf
    September 30, 19:21 Reply

    “their blog” NICE HYPERLINK PLACEMENT, YOU SCOR 05483975627836753989219624127489183412893471234923498312491284928439832149324819 BROWNIE POOINTS, FUCKERS

Leave a Reply