Google Wallet security holes threaten both rooted and stock devices – The Verge

Current Google Wallet customers given $5 on pre-paid cards for all the provisioning hassles

2012-03-20T20:08:59-04:00

Google Wallet keys security

If you opened up Google Wallet today, you may have noticed there's an extra $5 sitting on your pre-paid card. It turns out it's not a glitch, it's compensation from Google Wallet in exchange to the provisioning hassles the service has been experiencing this year. In an email to all customers, the company writes:

We are happy to announce that you can now add the Google Prepaid Card back to your wallet with the newest version of Google Wallet, and any funds that you previously had on the card should be restored, unless you contacted Money Network and asked for a refund of those funds. To add the Google Prepaid Card back, you will first need t …

Read the full story at The Verge.

Google re-enables pre-paid card re-provisioning in Google Wallet, with password-based security

2012-03-08T20:43:04-05:00

Google Wallet keys security

Ever since initial reports about security holes in Google Wallet bloomed into a full-scale problem that gave potential thieves access to pre-paid cards, Google has been scrambling to patch up security holes and ensure users that its mobile payment solution is still more secure than your average credit card. The largest hole involved a simple process of clearing app data and re-initializing the app in order to gain access to a pre-existing pre-paid card. Google first locked down access to new or re-provisioned cards immediately. After a few days, the company opened up the creation of new pre-paid cards while requiring users to call into to Go …

Read the full story at The Verge.

Google Wallet app now notifies rooted users that they’re not supported

2012-03-05T15:25:01-05:00

Google Wallet root warning

It looks like Google is closing the book on the security concerns surrounding Google Wallet. The search giant released a software update a couple of weeks ago that patched the hole that made prepaid funds vulnerable to theft, and now the company has released its solution for those with rooted devices. According to Droid Life, users on rooted phones are now presented with a warning that their device is not supported by Google Wallet, though the app will still function perfectly fine. Unfortunately, it's not a proper fix - the vulnerability on rooted phones that allowed hackers to crack the security PIN that protects Wallet is alive and well. …

Read the full story at The Verge.

Google Wallet restores prepaid cards, patches re-provisioning security hole

2012-02-15T02:04:00-05:00

Google Wallet keys security

Google has updated its blog post about the Google Wallet prepaid card security hole, letting us know that it has re-activated provisioning and also put out a fix for the original problem. Last week it was discovered that Google Wallet had a serious security issue that affected all users, in which anybody could clear the app data from Google Wallet, re-open it, and gain access to the prepaid card. In response, Google shut down provisioning for the prepaid cards altogether - until now, that is. Here is Google's updated statement:

Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet. In addition, we issued a fi …

Read the full story at The Verge.

Google Wallet reassures customers of safety, turns off prepaid card provisioning

2012-02-11T18:39:01-05:00

Google Wallet keys security

Following discoveries that both rooted and stock Android phones are vulnerable to attack, vice president of Google Wallet and payments Osama Bedier posted a letter today defending the service and reassuring customers that it is still safer than traditional payment methods. He cites that Google Wallet is protected by both an in-app PIN and a screen lock (if you have one set up), and in order to maintain security, he recommends that all Google Wallet users keep their phones unrooted, since it's not hard for a thief to access your Wallet PIN on a rooted phone. Additionally - to help keep stock devices safe following the latest finding that fund …

Read the full story at The Verge.

Second Google Wallet security vulnerability confirmed, affects all users

2012-02-09T16:45:45-05:00

Google Wallet Lock 1024

After the news yesterday that it is possible to crack the PIN on the Google Wallet software on rooted Android devices, a second security flaw has been uncovered that affects all users. The "attack" works thusly: if somebody takes your phone, he or she can go into the app settings for Google Wallet and tap "Clear data." This will erase all of the Google Wallet data stored on the phone. When that person then opens Google Wallet, it offers its initial setup process again, including setting up a new PIN and tying Google Wallet to a Google account. That's when the real issue arises, as that person can re-add the default Google Wallet pre-paid car …

Read the full story at The Verge.

Google Wallet PIN cracked on rooted Android devices

2012-02-08T22:19:02-05:00

Google Wallet Galaxy Nexus 1024

The security of the PIN that protects Google Wallet transactions has been compromised - though most users won't need to worry about the issue for now, as it only applies to users who have rooted their Android smartphone. The key issue is that the PIN is stored on the device itself instead of in the secure NFC element, although it is in an encrypted format. That means that if your Android smartphone is rooted, if somebody takes your phone, he or she will be able to access the encrypted file that stores your PIN. From there, it's a relatively simple matter of running a program that uses a brute force method to guess your PIN.

Protecting yours …

Read the full story at The Verge.