M-wallet: Google Temporarily Disables Prepaid Accounts Top-up Feature
- Considering the recent disclosures regarding the security of its mobile app, Google announces the temporary unavailability of Google Wallet’s toping up option. This preventive measure occurs as the player is still fighting user rights escalation to install illegitimate apps (rooting). In fact, Google reminds that several attacks can only be executed in these conditions.
- Google is working to remedy the highlighted security breaches as soon as possible. Its assistance services remain available to the users in case of loss, theft of irregular operation.
- Among the recent demonstrations regarding the security holes in this app, the US IT company zvelo has identified a breach enabling PIN retrieval and access to the information stored on the device; yet, this breach can only be exploited in root mode. Short before (in December 2011), viaForensics had also described several techniques making it possible to bypass the security of Google Wallet. Finally, The Smartphone Champ very recently outlined an even more critical vulnerability exploitable without any specific skills: an attacker with no specially crafted software or high privileges, could reset all Google Wallet’s options, change its PIN code and illegitimately use the prepaid account.
- Also to be noted, the mobile carrier AT&T now seems to be proposing to those disposing of a Samsung Galaxy Nexus to opt for Google Wallet –downloadable from the Android Marketplace (hence, without high rights). Nevertheless, Google did not make any formal announcement on this point and AT&T did not comment.