Google responds to Google Wallet security vulnerability

A senior engineer at zvelo has found that Google Wallet has a “significant security vulnerability” that could reveal users’ PINs. zvelo shared the findings on its blog, posted a demo video for the world to see, and indicates that Google has already been notified of the situation. While this might sound like a terribly scary situation and a blow to Google’s NFC initiative, it’s worth pointing out that this affects Android handsets which have been rooted. Also, bear in mind that Google Wallet is not widely available yet, as it’s technically only offered on one phone on one carrier.

As mentioned above, Google is already aware of the situation and is said to be working on a fix for the bug. In the meantime, zvelo offers up a number of precautions that one can take to ensure security.

The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.

We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone. – Google


What Wallet Users Can Do Today
There are some steps that Google Wallet users can take today to help mitigate the risk of this vulnerability.

  1. Do Not “Root” the Cell Phone – Doing so will be one less step for a thief.
  2. Enable Lock Screens – “Face Unlock,” “Pattern,” “PIN” and “Password” all increase physical security to the device. “Slide,” however, does not.
  3. Disable USB Debugging – When enabled, the data on mobile devices can be accessed without first passing a lock screen challenge unless Full Disk Encryption is also enabled.
  4. Enable Full Disk Encryption – This will prevent even USB Debugging from bypassing the lock screen.
  5. Maintain Device Up-To-Date – Ensure the device is current with the latest official software. Unfortunately, users are largely at the behest of their carrier and cell phone manufacturer for this. Using only official software and keeping devices up-to-date is the best way to minimize vulnerabilities and increase security overall.
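
The Python below is an added example, not code from zvelo, Google or this post: it parses `adb shell getprop` output and flags items 1, 3 and 4 of the list above. The sample output is constructed, the function names are hypothetical, the property checks are heuristics (a rooted device can still report stock values), and items 2 and 5 are not covered.

```python
import re

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.crypto.state]: [unencrypted]
[persist.sys.usb.config]: [mtp,adb]
"""

# getprop prints one property per line as "[key]: [value]".
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")


def parse_getprop(text):
    """Parse "[key]: [value]" lines into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def audit(props):
    """Return findings keyed by the checklist item number they relate to.

    A missing property is treated as a finding, so the audit fails closed.
    """
    findings = {}
    # Item 1: a build not signed with release keys, or a debuggable build,
    # suggests a custom or rooted image.
    if props.get("ro.build.tags") != "release-keys" or props.get("ro.debuggable") == "1":
        findings[1] = "build is not a stock release build (possible root)"
    # Item 3: "adb" in the active USB configuration means USB debugging is on.
    if "adb" in props.get("persist.sys.usb.config", "").split(","):
        findings[3] = "USB debugging is enabled"
    # Item 4: only an explicit "encrypted" state counts as encrypted storage.
    if props.get("ro.crypto.state") != "encrypted":
        findings[4] = "storage is not reported as encrypted"
    return findings


if __name__ == "__main__":
    for item, message in sorted(audit(parse_getprop(SAMPLE_GETPROP)).items()):
        print(f"item {item}: {message}")
```
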


About author

Scott Webster


  1. Eman LLuf
    September 30, 19:21

    “their blog” NICE HYPERLINK PLACEMENT, YOU SCOR 05483975627836753989219624127489183412893471234923498312491284928439832149324819 BROWNIE POOINTS, FUCKERS
