Google Wallet Prepaid Security Flaw Fixed; Brute-Force Issue Not Addressed

Discussion in 'Android News' started by dgstorm, Feb 15, 2012.

  1. dgstorm
    Offline

    dgstorm Editor in Chief Staff Member Premium Member

    Joined:
    Dec 30, 2010
    Messages:
    7,021
    Likes Received:
    1,277
    Trophy Points:
    113
    Location:
    Austin, TX
    [​IMG]

    Just last week we shared a couple of security flaws in Google Wallet with you guys. One was a brute-force hack that required your phone to be rooted to get access to your Google Wallet. The other didn't require your phone to be rooted, nor did it require any real hacking skills from the bad guys. Both of these security issues required that your phone be stolen by the potential crooks and were easily foiled if you simply lock your device.

    Since then, Google temporarily disabled the prepaid services while they worked on a fix for that particular security vulnerability. Today, Google shared that they have fixed that issue, and have restored the prepaid services. The "brute-force" hack issue has not been addressed, and likely won't. Google made it clear in their previous statement that they do not consider that vulnerability a big enough (or easy enough to pull-off) flaw, and that users should simply not root their phones if they are going to use Google Wallet. Of course, that won't make very many folks very happy, and the real lesson is to simply set a lock pattern on your phone of some kind. Here is Google's statement regarding the prepaid fix:

    Source: TalkAndroid and GoogleCommerce