Google Fixes Security Flaws in Google Wallet, Re-enables Prepaid Cards
Google has issued an update to Google Wallet to deal with a couple of security vulnerabilities that popped up last week. Google Wallet users will be able to use prepaid cards from Google once again, and they won’t have to worry about strangers being able to access their PIN.
Earlier this week Google had to disable the sale of prepaid cards because of one of the vulnerabilities. The hack entailed another user resetting Google Wallet, putting in a new PIN and using a prepaid card to get access to the owner’s money. The hack only worked with Google prepaid cards, but the cards are available again because of the new patch.
The other hack required the Android phone to be rooted in order to work. The hack was found by the security firm Zvelo, and it let others gain access to the user’s PIN. It wasn’t a particularly easy hack, certainly not one that can be done in just a few minutes unless the phone’s owner already had their phone rooted.
In the blog post explaining the situation, Osama Bedier, vice president of Google Wallet and Payments, said that the company isn’t “aware of any abuse of prepaid cards or the Wallet PIN resulting from these recent reports.”
He explains that Google expects mobile payments to become more common in the next few years. Bedier also touts the fact that “the digital wallet you carry provides defenses that plastic and leather simply don’t,” which is true, so long as the digital wallet doesn’t have any vulnerabilities.
That the flaws existed in the first place isn’t a good sign for the security of Google Wallet. However, Google did respond rather quickly to the issue. The number of people using Google Wallet is still relatively small thanks to the slow adoption of NFC in Android smartphones, but that will hopefully change soon since Ice Cream Sandwich also has Android Beam which uses NFC. Google will need to make sure than any problems with Google Wallet are fixed this quickly as adoption increases, assuming it does.