Google Wallet A Security Risk, Say Researchers

[southfork]

http://www.huffingtonpost.com/2012/0...6pLid%3D134814

NEW YORK (Reuters) - Security researchers said they found a vulnerability in the Google Inc mobile payments platform which is currently available in phones sold by Sprint Nextel Corp.



Mobile payment services that allow consumers to pay by waving their phone at a check-out terminal, instead of using a credit card, have long been available in Japan and some other countries but are only just emerging in the United States.



Isis, a venture of Verizon Wireless, AT&T Inc and T-Mobile USA, is expected to launch an offering to compete with Google but has yet to announce a launch date.



The alleged vulnerability in the Google Wallet was identified by Joshua Rubin, a senior engineer with zvelo, a closely held security firm in Greenwood Village, Colorado.



Rubin developed an app dubbed Wallet Cracker that he says can break the four-digit PIN required to launch the Google Wallet app. He demonstrated how it works in a video on his blog (http://bit.ly/zgO2L6)



Rubin said that he had disclosed his findings to Google and that the company "was able to confirm the issue and agreed to work quickly to resolve it."



Google spokesman Jay Nancarrow in an emailed statement said "We are working to resolve the issue," even as he took issue with the study that prompted the allegations.



"The zvelo study was conducted on their own phone, on which they disabled the security mechanisms that protect Google Wallet by 'rooting' the device," Nancarrow said.



Google, he added, recommends that people not install Google Wallet on "rooted" devices and that they should set up a screen lock as an additional layer of security.



Sprint representatives were not immediately available for comment.



Google's Wallet partners also include Citigroup Inc and payment network MasterCard

[argentos]

Don't you just love these people?



http://en.wikipedia.org/wiki/Google_Wallet

Google Wallet
From Wikipedia, the free encyclopedia


PayPal Lawsuit
Shortly after launch, PayPal filed a lawsuit against Google and two former employees of PayPal - Osama Bedier and Stephanie Tilenius. The complaint alleges “misappropriation of trade secrets” and “breach of fiduciary duty.” The lawsuit reveals that Google was negotiating with PayPal for two years to power payments on mobile devices. But just as the deal was about to be signed, Google backed off and instead hired the PayPal executive negotiating the deal, Bedier. The lawsuit notes that Bedier knew all of PayPal’s future plans for mobile payments, as well as an internal detailed analysis of Google’s weaknesses in the area. Not only that, it accuses him of storing “confidential information in locations such as his non-PayPal computers, non-PayPal e-mail account, and an account on the remote computing service called ‘Dropbox.

[Not Sure]

More like Google is a security risk.