{"id":5916,"date":"2012-02-11T08:59:57","date_gmt":"2012-02-11T08:59:57","guid":{"rendered":"http:\/\/businesstech.co.za\/news\/?p=5916"},"modified":"2012-02-11T09:01:12","modified_gmt":"2012-02-11T09:01:12","slug":"google-wallet-a-security-risk-researchers","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/mobile\/5916\/google-wallet-a-security-risk-researchers\/","title":{"rendered":"Google Wallet a security risk: researchers"},"content":{"rendered":"<p>Security researchers said they found a vulnerability in the Google Inc mobile payments platform which is currently available in phones sold by Sprint Nextel Corp.<\/p>\n<p>Mobile payment services that allow consumers to pay by waving their phone at a check-out terminal, instead of using a credit card, have long been available in Japan and some other countries but are only just emerging in the United States.<\/p>\n<p>Isis, a venture of Verizon Wireless, AT&amp;T Inc and T-Mobile USA, is expected to launch an offering to compete with Google but has yet to announce a launch date.<\/p>\n<p>The alleged vulnerability in the Google Wallet was identified by Joshua Rubin, a senior engineer with zvelo, a closely held security firm in Greenwood Village, Colorado.<\/p>\n<p>Rubin developed an app dubbed Wallet Cracker that he says can break the four-digit PIN required to launch the Google Wallet app. He demonstrated how it works in a video on his blog (http:\/\/bit.ly\/zgO2L6)<\/p>\n<p>Rubin said that he had disclosed his findings to Google and that the company &#8220;was able to confirm the issue and agreed to work quickly to resolve it.&#8221;<\/p>\n<p>Google spokesman Jay Nancarrow in an emailed statement said &#8220;We are working to resolve the issue,&#8221; even as he took issue with the study that prompted the allegations.<\/p>\n<p>&#8220;The zvelo study was conducted on their own phone, on which they disabled the security mechanisms that protect Google Wallet by &#8216;rooting&#8217; the device,&#8221; Nancarrow said.<\/p>\n<p>Google, he added, recommends that people not install Google Wallet on &#8220;rooted&#8221; devices and that they should set up a screen lock as an additional layer of security.<\/p>\n<p>Sprint representatives were not immediately available for comment.<\/p>\n<p>Google&#8217;s Wallet partners also include Citigroup Inc and payment network MasterCard.<\/p>\n<p>Emily Collins, a Citi spokeswoman, said no Citi cardholder information is stored in the Google Wallet nor are cardholders liable for unauthorized transactions.<\/p>\n<p>Jimmy Shah, a security researcher for security software specialist McAfee, said on Friday that the vulnerability did not appear to be a very easy one to exploit.<\/p>\n<p>But he said it was theoretically possible if a hacker was able to physically steal a user&#8217;s phone.<\/p>\n<p>Shah said that a hacker would need time to install the Cracker app and to install another piece of malware to disable the phone&#8217;s security system before being able to run the Cracker app to retrieve the PIN number.<\/p>\n<p>The hacker would also still need the phone itself in order to be able to make payments using the stolen Google Wallet.<\/p>\n<p>&#8220;It&#8217;s a nice theoretical attack but it&#8217;s not a very simple attack,&#8221; Shah told Reuters.<\/p>\n<p>McAfee is owned by chipmaker Intel Corp.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researchers said they found a vulnerability in the Google Inc mobile payments platform which is currently available in phones sold by Sprint Nextel Corp.<\/p>\n","protected":false},"author":7,"featured_media":779,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[25,1490,1172,375],"class_list":["post-5916","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mobile","tag-active","tag-google-wallet","tag-risk","tag-security"],"_links":{"self":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/5916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/comments?post=5916"}],"version-history":[{"count":3,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/5916\/revisions"}],"predecessor-version":[{"id":5931,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/5916\/revisions\/5931"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media\/779"}],"wp:attachment":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media?parent=5916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/categories?post=5916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/tags?post=5916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}