New Discoveries Have doubts on Security Google Wallet

The security element of a phone’s NFC receiver is one of the most significant parts of the mobile payment structure of Google Wallet. This is supposed the component that stocks up all information about accounts ensuring that it cannot be attacked by Malware. It also provides the options of including a security layer to the payments made via the mobile phone by asking for the entry of a user-defined PIN before the NFC receiver will give out the details regarding payments. As of now that is what is believed is the technique by which the Google wallet functions, however a few of the latest findings doubting whether this implementation is actually 100% secure.

The first of these findings reveal that the PIN necessary to avail of the validation of the transactions can be retrieved if a person has root access to the mobile phone. On examining the Google Wallet’s code, the group of investigators found that a hash that is stored locally in the mobile phone can be used to retrieved the Pin and that this would go undetected, and because there are only 10,000 four digit groupings how long would it take someone who is intent on retrieving the PIN if he really puts his mind to it?

It has been found that Google is in the know of this flaw however whether a solution is in the offing is unknown. Though they have an idea of how to get the problem fixed, there is a lot of trouble around the NFC implementation that the concerned firms are at loggerhead. There is anxiety that if they do happen to fix this problem doing all the PIN validation aboard the NFC there would be new legal tussles about which of the concerned firms would have control over the storage of the PIN. As of now, what Google is doing is to caution users not to root their mobile phones.

Soon after Google issued this warning, there came on another of the soft spots in the Google Wallet’s security aspect. This had nothing to do with or needed root access. The concept was that you could use a mobile phone that had the Google Wallet installed in it, wipe out the applications information fed into the phone in the applications settings and go about doing the whole thing all over again. You are asked to set your PIN, however while you go to ‘add a payment’ option, the phone should be able to recollect the Google prepaid card that had been used earlier when making a payment through the Wallet. If you can do that then you can quite obviously make transactions with the new PIN you have fed the phone with, nevertheless all your buying will be through the prepaid card used earlier. Google is yet to rely to this hassle.