We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Could You Be Liable for Charges Resulting from Google Wallet PIN Crack?

If an attacker to cracks your Google Wallet PIN protection, you might be responsible for the fraudulent charges that are racked up.

The Google Wallet system appears to be under siege. Over the past couple days, two different methods of potentially cracking or circumventing the PIN security protecting Google Wallet have been revealed. What’s worse is that you could potentially be liable for fraudulent charges racked up with Google Wallet.

The initial revelation wasn’t much of a threat, relatively speaking. It required that the smartphone be rooted -- a process that comes with inherent security consequences the user must be aware of and accept when embarking down that path -- and relies on special software and some hacking skill to get at the PIN data.

The newer issue has much broader implications. An attacker can potentially hijack or circumvent the PIN protection on any Google Wallet smartphone. The device doesn’t have to be rooted, and the technique doesn’t require any special tools or skills.

In either case, though, Jaime Blasco, head of labs with AlienVault, proclaims that the issues surrounding the security of Google Wallet are the direct result of the potential security of the payment card process being sacrificed for the sake of convenience.

Blasco says that we are likely to see more and more convenient payment systems like Google Wallet appearing across smartphones and other mobile devices. He stresses, however, that potential users should stop and consider the risks and think twice about trusting these gadgets with debit or credit card credentials.

The terms and conditions of most credit and debit card agreements protect users from fraudulent charges. However, how much protection is provided, and the specific conditions of receiving the protection vary from one financial institution to the next. Many require that the account holder take reasonable steps to protect their card details, and it is possible that a provider could interpret storing credentials on a smartphone as a violation of that mandate.

Blaso argues, “Put simply, cardholders may find that, if their account is drained of money by cybercriminals, they have no comeback against their bank or financial institution.”

It should be stressed, though, that this is not really a flaw in Android itself. Following basic security practices for your Android smartphone would prevent someone from being able to crack or circumvent the PIN.

In other words, if you use the security controls at your disposal to protect and secure your Android smartphone it would be significantly more difficult to access your Google Wallet, and very hard for a card provider to argue that you had not taken “reasonable steps”. But, if you root your device and/or don’t bother to prevent unauthorized access to it with a lock screen and some sort of PIN or other authentication mechanism, you may very well be liable.

For reference sake, I am including the response from Google related to the more recent issue shared by Jacobsson-Purewal in her article:

Google's Advice

Google has noted the security flaw and tells PCWorld it's currently working on an automated fix that will be available soon. Meanwhile, Google recommends that all Google Wallet users set up a lock screen as an additional layer of protection for their phone.

Google also strongly encourages users who lose or want to sell their Google Wallet-enabled phones call the Google Wallet support (toll-free) number, 855-492-5538, to disable the prepaid card.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

Apple TV setup advice: Apple TV hacks to help you create the ultimate Apple TV hub in your home