Google Wallet May Not Be Secure Enough According to Forensics Experts

Discussion in 'Android News' started by dgstorm, Dec 13, 2011.

  1. dgstorm

    dgstorm Editor in Chief Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    8,281
    Likes Received:
    2,085
    Trophy Points:
    378
    Location:
    Austin, TX
    Ratings:
    +2,160
    [​IMG]

    A recent study was done by security experts at viaForensics on Google Wallet. According to their report, "Google Wallet is not as secure as it should be." The primary concern highlighted by their study was that Google Wallet stores too much personal data on the device, and its lack of encryption makes things worse. Supposedly, Google Wallet stores user's credit card balance, limits, expiration date, transaction dates, locations, and even their name as it appears on the card and more. While this info alone would not be enough for an unscrupulous third party to charge transactions on the device, it does leave the user open to identity theft or a social engineering attack.

    Of course, Google has come forward decrying the validity of the testing because the analysis was performed on a rooted phone. They said that this information can only be accessed from a phone that is rooted. Here is what Google's spokesperson, Nathan Tyler said on the subject,

    Unfortunately, Google's argument falters, because there have been instances in the past, (and probably the future), in which malware, like "Droid Dream", has gained root access to Android devices. To Google's credit, viaForensics, indicated that Google does several things very well and are on par or better than some other competing mobile payment systems, like Square. Here's a quote from the AmericanBanker.com article with some details,

    Unfortunately, viaForensics indicated that they simply couldn't give Google Wallet a passing grade because of the potential for malware abuse. Andrew Hoog, chief investigative officer at viaForensics made the foreboding statement, "Malware is the storm that's on the horizon."

    Source: AmericanBanker
     
  2. RyanPm40

    RyanPm40 Active Member

    Joined:
    May 3, 2010
    Messages:
    629
    Likes Received:
    15
    Trophy Points:
    33
    Ratings:
    +18
    I will never use my phone to pay for things. Whether it be Google Wallet or whatever Verizon is concocting with AT&T and T mobile. No matter what, it is far too risky to have such important personal info on my PHONE which is connected to the INTERNET at all times. Besides, if I'm going to a store, I would always have my real wallet with me... I need my driver's license on me in order to legally get to said store!
     
  3. Bigaliensexmachine3000

    Bigaliensexmachine3000 Member

    Joined:
    Mar 27, 2010
    Messages:
    99
    Likes Received:
    1
    Trophy Points:
    8
    Ratings:
    +1
    I wasn't planning on using googol wallet any time soon because of something like this. That doesn't mean that gw won't be refined in the future to where its secure and ready for every day use.
     
  4. manilaboy1vic

    manilaboy1vic Member

    Joined:
    Jan 2, 2010
    Messages:
    695
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    planet earth
    Ratings:
    +3
    i wont be storing my credit card info on any phone either.
     
  5. johnomaz

    johnomaz Silver Member

    Joined:
    Jul 12, 2010
    Messages:
    2,654
    Likes Received:
    374
    Trophy Points:
    148
    Location:
    Central Valley, California
    Ratings:
    +396
    Current Phone Model:
    Nexus 6
    I'm sorry, but think about the time it takes to pay with your credit/debit card and the time it would take to pay with your phone. You're at the checkout counter. You dig for your phone (ya women, this is for you and your bottomless purses), unlock it. If you have a passcode or have to draw a shape, thats more time. Open the app, type in your pin and then pass near the reader. That is also if the store has a NFC reader there. Sorry, but it is way faster to just use your debit/credit card to swipe.
     
  6. ohcop72

    ohcop72 Member

    Joined:
    Dec 26, 2009
    Messages:
    132
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    It will catch on, it will be refined and it will probably be the future at some point. You would be amazed at how open your credit cards are already on the internet. Just like not running antivirus on my home computer for the past 8 years, if your careful how you use it then you will be safe.
     
  7. CT Raider

    CT Raider New Member

    Joined:
    Nov 9, 2009
    Messages:
    21
    Likes Received:
    4
    Trophy Points:
    3
    Ratings:
    +4
    Current Phone Model:
    Droid Razr Maxx (time 4 Turbo)
    If you've purchased one of Googles 10 cent apps, from their 10 Million DL's promo, you probably already have Google Wallet. It's the backhanded way to get you to use it. And dare I say, probably the reason they are doing the promo in the first place. I know this because I went to buy an app and it told me I'd be using Google Wallet.
     
  8. Mark_V

    Mark_V Member

    Joined:
    Feb 6, 2010
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    OKC
    Ratings:
    +0
    I would venture to guess you made this statement with out ever using NFC to pay for something.
     
  9. Dusty

    Dusty Premium Member Premium Member

    Joined:
    Jan 13, 2010
    Messages:
    951
    Likes Received:
    263
    Trophy Points:
    63
    Location:
    DC/NoVA
    Ratings:
    +288
    Current Phone Model:
    Nexus 6
    The claim seems kind of dubious. The information they were able to get were: the last four digits of the GW account, a list of purchased items, and the remaining balance. These items are pretty useless. It's like looking at someone's ATM receipt and a few store receipts and claiming that you were on the verge of robbing them blind. The phone would have to be rooted and the information is only obtainable with physical access to the phone. So what this tells me is this...

    You would have to root your phone, and not have a password lock on it. Someone would then have to physically steal the phone, and, in the end, all they could get from it would be three items of useless information.

    If someone had you targeted for identity theft for fraudulent purchases they'd be better off just stealing your wallet or purse if they had physical access to you. Then, they would have your ID and credit cards. If they stole your phone for GW access they'd still need your purchase pin. They would, however have a sweet list of stuff you already bought and an account balance that they don't have access to.

    Who paid for this "study". I'm not saying GW is awesome and invincible, but this... this smells fishy, half baked, and sensationalist.

    I smell FUD.
     
    Last edited: Dec 13, 2011
  10. alboboy10

    alboboy10 Senior Member

    Joined:
    Jan 8, 2010
    Messages:
    1,808
    Likes Received:
    17
    Trophy Points:
    68
    Ratings:
    +17
    Lol you're not going to use you're cards...what about other thingsyou buy online. Same thing.
     
  11. manilaboy1vic

    manilaboy1vic Member

    Joined:
    Jan 2, 2010
    Messages:
    695
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    planet earth
    Ratings:
    +3
    it just seems unsafe to me.. there are ways to one click root a phone.. whos to say a developer cannot make an app, throw it on the market and access peoples cc info.... im in no rush to store CC info on my phone..
     
  12. Dusty

    Dusty Premium Member Premium Member

    Joined:
    Jan 13, 2010
    Messages:
    951
    Likes Received:
    263
    Trophy Points:
    63
    Location:
    DC/NoVA
    Ratings:
    +288
    Current Phone Model:
    Nexus 6
    GW doesn't directly store or use your CC info! That's like saying that if someone stole your Target gift card they could wipe out your CC.

    Just like on your computer don't install junk from sources you don't trust. Same thing!
     
  13. Sweettooth

    Sweettooth Member

    Joined:
    Jan 15, 2010
    Messages:
    726
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Dallas, Texas
    Ratings:
    +11
    To those saying they don't plan on using their phone in place of a credit/debit card; what are you going to do when plastic cards are no longer in use? I believe very strongly that all your cards and information will one day be consolidated into one object, and since smartphones will likely become the standard if plans and manufacturing costs go down (no more cheapo Nokias), why not put all that information on or have it be accessible from, your phone? Imagine when your phone is your iPod/MP3 player, driver's license, ID, credit/debit card, coupon holder, gift cards, bus pass, library card, GPS/navigation, portable TV, videogame console, remote control, full blown diagnostic utility (a la Star Trek), camera, computer, newspaper...and let's not forget, PHONE, all in one, because that is undoubtedly the future of these devices. Google Wallet and it's clones are just the beginning. These aren't the devices to rule all machines, they're the devices to rule all humans. :blink:
     
    Last edited: Dec 14, 2011
  14. RyanPm40

    RyanPm40 Active Member

    Joined:
    May 3, 2010
    Messages:
    629
    Likes Received:
    15
    Trophy Points:
    33
    Ratings:
    +18
    Credit Cards and Debit Cards will never cease to exist.
     
  15. ilikemoneygreen

    ilikemoneygreen Silver Member

    Joined:
    Apr 7, 2010
    Messages:
    2,578
    Likes Received:
    15
    Trophy Points:
    103
    Location:
    AZ, Superstition MTNs!
    Ratings:
    +15
    i dont think that analogy is accurate at all but i like your avatar pic and i have a friend named Dustin who also likes Star Wars so ill agree with you. :biggrin:
     
Search tags for this page

how safe is google wallet