Mobile Tech Today

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
News & Product Reviews for Mobile Tech Users
Thursday, April 24th 
Real-time info services with Neustar
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Laptops & Tablets
Mobile Phones
Mobile Gadgets
Mobile Apps
BYOD & MDM
iPad
Mobile Industry News
Wireless Connectivity
Wireless Security
GPS & Maps
MTT Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

Wireless Security

Security Flaws Move Google To Suspend Prepaid Credit Cards

Security Flaws Move Google To Suspend Prepaid Credit Cards
February 13, 2012 10:17AM

Bookmark and Share
Google's suspension of prepaid credit cards followed a security flaw in Google Wallet that became public. Since the credit card belongs to the phone and not to a Google account, someone who finds a lost smartphone can go to the application settings, erase the data associated with Google Wallet, and change the Wallet's PIN, enabling the card.

Barium Ferrite Is The Future Of Tape: Barium Ferrite (BaFe) offers greater capacity, superior performance, and longer archival life compared to legacy metal particle (MP) tape. Click here to learn more.

Are credit cards in smartphone-based wallets safe? Google has insisted they are, but the company is now suspending prepaid credit cards in its mobile wallet because of some security issues.

The move on Saturday by the technology giant follows a report that someone other than a smartphone owner could use the balance on a prepaid card by adjusting the wallet's settings. In a posting Saturday on the official Google Commerce blog, Vice President of Google Wallet and Payments Osama Bedier wrote that the company has "temporarily disabled provisioning of prepaid cards," as a precaution while Google works out a fix.

Two Flaws

The fix, he noted, is needed because of the possibility of "unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock." Bedier noted that Google Wallet is protected by a PIN, as well as the phone's lock screen. However, many users do not utilize the screen lock, since doing so would require entering a password whenever someone returns to the phone after a break.

Google's action followed a security flaw that began circulating Friday. Since the credit card belongs to the phone and not to a Google account, someone in possession of a smartphone can go to the application settings, erase the data associated with Google Wallet, and change the Wallet's PIN. The funds on a prepaid card can thus become available -- such as to someone who finds a lost phone.

Last week, security firm Zuelo noted another security flaw. Using a rooted smartphone with Google Wallet, someone other than the owner can get access to the Wallet's PIN via a brute force attack on the database storing the PIN, and thus make illegal credit card charges.

Google has noted that the Wallet is not designed for smartphones that have been rooted, which is usually by the owner. Bedier wrote that sometimes "users choose to disable important security mechanisms in order to gain system-level 'root' access to their phone," a practice which Google strongly discourages.

'Paradigm Shift'

Neither of the recently exposed security flaws can be conducted remotely, but require physical access to the device. Google and others have argued that, in theory, smartphone-based credit cards can be more secure than the plastic kind.

Michael Gartenberg, research director at Gartner, said smartphone-based credit cards and virtual wallets are a "paradigm shift, involving a lot of chickens and eggs coming into play."

The plastic-based credit card industry took "a long time to ease people's fears," Gartenberg said, and a "sea change" like credit cards on phones will similarly happen "a lot slower than people think."

Google is "wise to take a step back and make sure things are resolved," he said, adding that the company still needs to educate users as to why virtual credit cards have advantages over the plastic cards they have in their actual wallet.

Tell Us What You Think
Comment:

Name:



 Wireless Security
1. NSC Backs Disclosing Vulnerabilities
2. McAfee Tool To Stop the Heartbleed
3. How, Why Heartbleed Got Its Name
4. Is Heartbleed the Biggest Threat Ever?
5. States Probing Massive Data Breach




 Most Popular Articles
1. Google Glass Finds a Home in Medical Education, Practice
2. HP Rolls Out New Software-Defined Network Products
3. Smartphone Kill Switch Could Save Users $2.6B a Year
4. Avaya Aims To End Network Waiting Game
5. Google Video Shows Off Modular Project Ara Phone

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  Opera Coast Offers Safari Alternative
  Salesforce Developing App SOS Button
  What Might an Amazon Phone Offer?
  OnePlus One Boasts Android Weapon
  Samsung Gear Fit Geared for Exercise

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
Tech Giants Fund Initiative To Prevent Future Heartbleeds
Can more funding prevent Heartbleed vulnerabilities in future open-source software? A new Core Infrastructure Initiative at the Linux Foundation is attempting to find out.
 
What Verizon's Data Breach Report Can Teach Enterprises
It’s probably not a jaw-dropper, but cyberespionage is officially on the rise. And the use of stolen or misused credentials is still the leading way the bad guys gain access to corporate information.
 
Top Cyberthreats Exposed by Verizon Report
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Navigation
Mobile Tech Today
Home/Top News | Laptops & Tablets | Mobile Phones | Mobile Gadgets | Mobile Apps | BYOD & MDM | iPad
Mobile Industry News | Wireless Connectivity | Wireless Security | GPS & Maps | MTT Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 Mobile Tech Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.