Google has recently launched their new Google Wallet platform - a way for people to pay for at retail stores simply by waving their phone at a device in the store. You can pay using a MasterCard, Google PrePaid card or store gift card, as well as using rewards cards. Obviously this technology requires special devices at stores as well as a phone with Near Field Communication (NFC) included.
Security research firm ViaForensics released their review of the new Google Wallet platform for Android this week and the news, while not unexpected, is disturbing. It turns out that the software stores several pieces of user data in plain text on the phone. While credit card numbers and actual transactions are encrypted, data such as cardholder name and transaction history are not, allowing for the possibility of social engineering attacks.
Social engineering, for those who do not know, is defined by Wikipedia as,
In other words, by having the right information, a person could gain access to your credit card account, and all of that information is stored on your phone. Hit the break to find out what information is stored on the device and why it is such a big deal.read more...