Google’s Wallet approach is, quite naturally, going to receive a lot of attention (including the undesirable kind) from hackers. News this week, illustrated in this post’s videos, demonstrates security concerns with a rooted Android phone. More concerning is the problem subsequently identified and described in the post’s update (below).
All smartphones face a far more general problem. Clearing all data from a stolen phone is a must. Secondhand iPhones, coming from the United States or Europe, are going for $300 to $1000 in Lagos, Nigeria depending upon how much personal data remains on the device. In many cases, it is very straightforward to find account data, reset them, and compromise the original owner’s email and online accounts.
This is a general flaw in smartphones and it has received almost no attention. Consumers must be educated and the tools to wipe a phone must be strengthened. Google Wallet’s flaws are just one example.
Update: A second more serious flaw has been found by researchers at the Smartphone Champ. An option to clear data and reset payment options on the phone makes it easy for anyone who finds or steals an Android phone to take over the wallet function. It may be no different from losing your physical wallet, but this is a more pressing issue for Google Wallet users. Google says it is aware of the problem and is working on a fix. In the meantime the company is urging users who lose a phone to call a toll free number to disable the pre-paid card function.