Google acknowledged a major hole in its Google Wallet mobile payment platform this weekend after it temporarily disabled its Google Prepaid Cards.
Google announced the change to Google Wallet on the Google Commerce blog late Friday evening. Google Wallet and Payments Vice President Osama Bedier wrote that Google was pulling the prepaid cards, which allow users to upload money from any of their existing credit cards onto Google Wallet, to “address an issue that could have allowed unauthorized use of an existing prepaid card balance if someone recovered a lost phone without a screen lock.” Bedier said that disabling the prepaid cards was merely “a precaution until we issue a permanent fix soon.”
The security hole in Google Wallet received a lot of attention late last week when blogger Hashim of the Smartphone Champ blog published a report detailing how a hacker could easily gain access to a user’s prepaid card, which is connected to the user’s device itself rather than the user’s personal Google account.
It turns out that all a hacker initially has to do to break into your prepaid card is to steal your phone and clear the data on your Google Wallet application. From there the hacker can log back into the application, where they’ll be prompted to enter a new PIN and assign a Google account to the application. But instead of having to enter their own Google Prepaid Card onto the device, they’ll have access to the card that the phone’s original user had already placed on the phone.
Despite this security hole, Bedier maintained that Google Wallet is still a safe and simple way to purchase goods that has “advantages over the plastic cards and folded wallets in use today.” He also said that Google “will learn much more as we continue to develop Google Wallet” and that “mobile payments are going to become more common in the coming years.”
Google Wallet, announced in spring 2011, utilizes near-field communications technology to send very short-range signals to nearby NFC tags to complete payments — or as Google tells it, you’ll only have to tap your smartphone on a store’s credit card processor and you’re good to go. Google debuted the application on the Sprint network with the Nexus S 4G device and the company has said that the app should come to other Android-based devices on other wireless networks in the near future.
NFC payments have become a hot feature on smartphones ever since Google first enabled NFC technology on its Android operating system with the Android 2.3 (“Gingerbread”) update last year. Online payment company PayPal has also developed an NFC-based mobile payment application that runs on the Google Nexus S smartphone.