Appolicious powers Verizon Educational Tools

Google working to patch Wallet security holes

by Phil Hornshaw

One of the big pushes Google is making for the future of its Android mobile platform is in Google Wallet, the near-field communication software that lets users make purchases in brick-and-mortar stores using only information stored and broadcast over short range by their smartphones.

But it seems Wallet isn’t quite ready for prime time because of some big, problematic security holes.

TechCrunch has a report showing one hack for rooted Android phones that pretty easily gives a user full access to credit card numbers, purchase history and more information that’s stored in multiple places on Google Wallet. It’s a fairly simple hack, but Google has responded to TechCrunch’s story noting that it doesn’t support Google Wallet on rooted Android devices – probably because of exploits like this one. The hack does require that a person have a great deal of access to the smartphone he or she is hacking, but even still, the story demonstrates that security on the software might have some issues.

Google is urging Android users to make use of screen locks to prevent access to their phones should they be lost or stolen to prevent this particular hack from being utilized, Fierce Mobile Content reports. But this hack suggests that even after Google put some work into shoring up its security for Google Wallet, issues with the software persist.

The Google Wallet software basically has the capability of turning certain smartphones into credit cards. The software uses hardware in certain Android smartphones called near-field technology, which allows the phone to send information to specially designated receivers over a very short distance. The principle is that users can input their credit card information, along with loyalty cards for stores, into Google Wallet. Then, when they got to a store and make a purchase, paying and using cards is just a simple matter of waving the phone in front of a receiver terminal on the counter. The NFC tech sends your payment information to the cashier’s computer, stamps your loyalty cards and completes the transaction quickly and easily.

But back in December, researchers from viaForensics found that Android’s open nature and the security troubles inherent in the software made Google Wallet problematic. It also found that Wallet stored a lot of personal information in a lot of places, sometimes without much in the way of protection, or stored as plain text. Google has since worked on rewriting the software to make it more secure; the new hack for rooted phones is another black eye for the service, however.

NFC technology seems like it could be the Next Big Thing in terms of the smartphone’s forward momentum in becoming users’ go-to tool for everything. Even Apple has been rumored to be looking for NFC capabilities for its next iPhone. But the technology is still young, and it appears that there’s a lot of work yet to be done to make it ready to be used safely all the time.