A new fault (or rather a forgotten issue) has been discovered in the Google Wallet non-contact payment system. This provides direct access to pre-paid accounts.
One of the biggest difficulties in managing the non-contact mobile payment system concerns security. The ease of use (place your telephone a few centimetres from the payment terminal) doesn’t mean that the systems security should be compromised.
This aspect is very important for the different devices which are progressively being installed, as it will impact on the general public’s uptake. By trying to get ahead of mobile carriers in the United States, Google has encountered some teething problems with their Google Wallet service which calls on the Android platform.
After an initial fault which allowed users to bypass the PIN code service on Galaxy Nexus devices, a second fault has now allowed hacking to become a lot easier on bother standard and modified smartphones.
The site The Smartphone Champ reports that you simply have to delete the Google Wallet’s application data via the smartphone menu. This folder has no particular protection, with the application then being reset to zero, and a new PIN code being requested which provides direct access to the pre-paid account associated to the handset’s Google identifier.
While physical access to the smartphone is required, the operation only takes a minute with this then providing full access to the Google Wallet account. This will surely lead to some concerns in the event that a smartphone is either lost or stolen. Google is working on a corrective patch and recommends in the meantime that pre-paid accounts be blocked in the event that a smartphone is lost.