Google Wallet, the mobile payment service that uses near field communication (NFC) technology and hopes to one day replace the physical wallet that’s already in your pocket, apparently has a security flaw should you be one of the few people daring enough to have a rooted Android device. Now before you freak out and start questioning the security of Google Wallet, we’ll say this again in case you missed it the first time around: This security flaw only impacts owners of rooted Android phones. The guys from the research group “zvelo” discovered a flaw whereby they can see your Google Wallet PIN code with just a simple app. They say Google already knows about it and that only way to fix the issue is for Google to reengineer how Google Wallet works with regards to who is the authenticating party. Right now Google authenticates you, not your bank. All that being said, “zvelo” is confident that Google shouldn’t have too many difficulties making things right. They still however recommend that you use a password on your device and also turn on device encryption.
Compared to a credit card and cash, both of which can easily be stolen, anything that requires a PIN code is pretty much bulletproof. Still, expect to hear more stories like this as NFC takes off and mobile payments become a hot topic of discussion. Right now we’re in the very early days, but it’s only a matter of time until the next iPhone comes out, Windows Phone 8 devices hit the market, and America’s operators launch ISIS. Then there are going to be tens of millions of potential wallets to hack, and you bet lots of folks are going to try.
For the ultra paranoid, just make sure you use a credit card that has a pin chip. Those are damn near impossible to crack. We’d say use cash, but a mugger with a knife is all it takes to end up poor and sobbing on a street corner.
[Via: The Verge]