updated 10:35 pm EST, Sat February 11, 2012
Google Wallet prepaid cards go down for now
Google quickly reacted to mounting Google Wallet security issues by putting a temporary freeze on new prepaid cards. While at least some existing users could keep paying with theirs, Google was preventing new uses as a "precaution" before it could get a surefire fix, Wallet VP Osama Bedier said in a post Saturday. He nonetheless insisted that Google Wallet had multiple security layers, ranging from its own PIN code requirement to an auto-wipe of local Wallet data if the phone is rooted after the Android app is installed.
Bedier objected to the notion that the exploit discoveries made Wallet any less secure and suggested just the opposite, alluding not just to the security layers but to the inherent issues of trusting a physical card to a stranger. "In fact, Google Wallet offers advantages over the plastic cards and folded wallets in use today," he said.
The executive's views mostly sidestepped the issues surrounding the newest finding. Google for unknown reasons ties access to prepaid cards to individual devices and not just the owner's Google account. As such, all that's needed to get access to a Wallet prepaid card on a stolen phone is to clear the app's data cache to bypass the existing PIN code and then choose to re-add the card, bypassing the need to sign in with the Google account altogether.
For now, the damage may mostly be limited by the short reach of Google Wallet itself. With just the Nexus S 4G and unlocked Nexus phones on AT&T having official access, and the exploit not touching on credit cards, the likelihood is small that someone will have the right device stolen by a thief who knows the Google Wallet trick. [via Android Central]