December 14, 2011 – Google’s mobile wallet application fails to securely store some personal information on the users’ phone, according to research from viaForensics. The security specialist says its initial testing of the app on a rooted handset shows that credit card balances, limits, expiration dates, names on cards, transaction dates and locations are all stored in various SQLite databases in unencrypted form. ViaForensics argues that many people would be uncomfortable with others knowing some of this information and that its use for social engineering attacks is „pretty high”.
However, the app generally fairs well, doing a „decent job” of securing full credit cards numbers, which are not insecurely stored and need a PIN to authorise payments. Google Wallet also managed to protect against man-in-the-middle attacks over Wi-Fi when the team attempted them at account registration and adding a new credit card.
In a statement, Google says: „The ViaForensics study does not refute the effectiveness of the multiple layers of security built into the Android OS and Google Wallet. This report focuses on data accessed on a rooted phone, but even in this case, the secure element still protects the payment instruments, including credit card and CVV numbers.”
The search engine giant officially launched Google Wallet in the US in September and has been gradually rolling out the technology since then.
Update
Google has chosen the UK as the second market for its mobile wallet service, with a trial set for early next year ahead of the London Olympics. According to French newspaper Les Echos, Google it is now talking to banks and French point-of-sale vendor Ingenico about a planned London pilot of the system in the first quarter ahead of a full roll out by the Olympics. Official London 2012 Olympic and Paralympic sponsors Lloyds TSB, Visa and Samsung are already working on a special Games contactless mobile payments handset.
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below: