Report: Google Wallet may leave too much info unencrypted
Mobile forensics and security firm viaForensics has picked apart Google Wallet and found that while generally secure, the app leaves too much information unencrypted.
“While Google Wallet does a decent job securing your full credit cards numbers, the amount of data that Google Wallet stores unencrypted on the device is significant (pretty much everything except the first 12 digits of your credit card),” viaForensics wrote in its report.
A skilled hacker could take this unencrypted information, i.e. name, expiration date, last 4 digits and where you last used your card, and easily use it to his advantage, according to viaForensics. This becomes even easier when you factor in information about the target that is generally available online, such as address and phone number.
The firm maintained that these security issues were with the Google Wallet app and not with the core NFC technology itself.
On a more positive note, viaForensics found that the security features in Google Wallet stood up well to “Man In the Middle” (MITM) attacks over Wi-Fi. The firm also confirmed that when Google Wallet is reset, the name on the card, the expiration date, last 4 card digits and email account are all recoverable, as is the correct balance on the prepaid Google Wallet card.
Read more here.